Spanning tree port lockout will nail you pretty hard with CARP. Make sure your switch ports (if managed switches) are in port fast. Also, make sure that you haven't inadvertantly turned on port security and limited the port to a single MAC (each CARP VHID uses a MAC along with the physical interfaces MAC).
--Bill On 7/14/06, Royce Mitchell III <[EMAIL PROTECTED]> wrote:
Alastair Stevens wrote: > Hi again > > We're gradually getting closer to our desired setup: 2 pfSense boxes > with CARP failover, each with multiple LAN interfaces and > load-balanced dual WANs. This is obviously quite a complex setup, and > getting it all working at once seems elusive - but we're almost there! > > At the moment, the biggest problem is still CARP. When firewall B is > brought up, it tries to become "master" for both LAN interfaces, > whilst remaining "backup" for the WANS. This is at the same time that > firewall A is "master" for everything, as it should be. So the CARP > failover just isn't working - the machines seem to be fighting each > other to become master, which breaks things. > > I have checked the settings, and consulted the list, multiple times, > but can't get to the bottom of this. Any more ideas on why CARP is > behaving so erratically? > > The machines are both running RC1 + SNAPSHOT_07_06_2006, as suggested > by Scott earlier, and they have a dedicated crossover link for the > pfsync traffic. > > Regards > Alastair > I have an almost identical setup, except I'm not carping my WAN2, only WAN and LAN. When firewall A reboots it many times will only get one of the carps. When I reboot B that clears it up for me. However, I have only rarely experienced a problem with B taking over upon boot up. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
