Apologies, PBX has nothing to do with any of it, I meant to type pfsense... Trying to do too much at once ;)
I think we are using MSTP - I will have to 2x check w/ my network engineer. We are using a Cisco 6509, but not pvst, I know for sure. I will try to elaborate as much as possible. We have:

vlan 6 - unprotected internet - external side of the transparent bridge
vlan 66 - protected internet - internal side of the transparent bridge

We have fw01, which is the primary pfsense instance, and fw02, which is the secondary pfsense instance. Both fw01 and fw02 have a single uplink to 6 and 66. There is a 3rd NIC set up on a management network, which is where CARP is configured and replicating.

The issue is that fw01 and fw02 are not aware of each other enough to work together and realize one of them needs to put an interface in blocking mode to prevent the loop.

Austin Smith, A+, NET+, SMBE, MCSA
Director of Information Technology
Digital Compass
(404) 410-2708 direct
(404) 410-2701 fax
949 W. Marietta Street, Suite x104
Atlanta, GA 30318
**For immediate assistance please contact our technical team at 888-640-2260**

________________________________
From: Adam Thompson [[email protected]]
Sent: Wednesday, September 07, 2011 12:34 PM
To: [email protected]
Subject: RE: [pfSense Support] STP on Redundant Transparent Firewalls

Then STP *is* working. :-)

I'm unclear on how you can have CARP functioning – or even what you're attempting, actually – if the two pfSense boxes are covering different VLANs; can you provide more detail on your setup?

Also, what flavour of STP are you using? STP? RSTP? MSTP? PVSTP? If you don't know, just tell us what kind of switch(es) are involved.

Lastly, what does your PBX have to do with any of this?

-Adam Thompson
[email protected]

From: Austin G. Smith [mailto:[email protected]]
Sent: Tuesday, September 06, 2011 13:09
To: [email protected]
Subject: [pfSense Support] STP on Redundant Transparent Firewalls

Greetings-

We have 2 pfsense machines that are bridged on different vlans operating as a transparent firewall. These machines are set up for CARP replication to each other, which is verified functioning. However, for some reason, the STP is not quite functioning on the secondary PBX. We have to keep one of the interfaces down, or we get in a loop situation.

Has anyone experienced this behavior that can advise a workaround? What are we missing here?

Thank you-

Austin Smith
