Hi, everyone. Would you be so kind to explain me how to correct catalist configs to get my firewall working in active-ative cluster.
For now it is working in that manner: OpenBSD 4.6 box with 3 em cards em2 as external with carp0 binding # cat /etc/hostname.carp0 inet 77.72.17.134 255.255.255.252 77.72.17.135 -inet6 vhid 1 carpdev em2 pass ext advskew 20 up em1 as pfsync intarface and emo as internal trunk interface with 50 vlans on it # cat /etc/hostname.vlan10 -inet6 vlan 10 vlandev em0 up # cat /etc/hostname.carp10 inet 172.16.0.254 255.255.255.0 172.16.0.255 -inet6 vhid 10 carpdev vlan10 pass vlan10 advskew 20 up P0nd so on up to vlan 50. catalist is configured as follows vtp mode transparent interface FastEthernet0/9 description external mirror1 switchport access vlan 989 switchport mode access spanning-tree portfast end interface FastEthernet0/12 description internal mirror1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1-512 switchport mode trunk spanning-tree portfast end mac-address-table notification interval 600 mac-address-table notification history-size 500 mac-address-table notification mac-address-table aging-time 0 vlan 1 After adding second node to the cluster all the system including switch stops responding. mirror1 # cat /root/carp/hostname.carp10 inet 172.16.0.254 255.255.255.0 172.16.0.255 -inet6 carpdev vlan10 vhid 10 pass vlan10 carpnodes 10:0,139:100 balancing ip-stealth up mirror2 # cat /root/carp/hostname.carp10 inet 172.16.0.254 255.255.255.0 172.16.0.255 -inet6 carpdev vlan10 vhid 139 pass vlan10 carpnodes 139:100,10:0 balancing ip-stealth up interface FastEthernet0/13 description external mirror2 switchport access vlan 989 switchport mode access end interface FastEthernet0/3 description internal mirror2 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1-512 switchport mode trunk end Moreover , when I've tried to configure external carp interrfaces with the option balancing ip or balancing ip-unicast, one of the interfaces did not turned in a working state.Changing adskew on the second host to zero didn't help. So the question mainly is how to configure the cisco catalist switch to provide redundancy and balancing for the firewall. As I undestood from the openbsd manuals, the configs I'm using are correct. Maybe anyone has a working configuration for that.
