My understanding of forwarding also was that address learning is a normal part of switch operation. But I find it odd that turning that off lets the fail-over box ping the CARP IP on the primary box; with address learning on, I am unable to do that.

A clarification about the CARP setup -- each pfSense server has a dedicated interface connected to the other via a crossover cable. This is the interface that is configured to send and receive pfsync and its related traffic in the CARP setup page. The firewall rules for this dedicated interface on each server are to allow all traffic on the interface.

With a dedicated interface for the CARP-related stuff to use, do the other interfaces still send and receive multicast pfsync traffic?



On 2/9/2011 5:10 PM, David Newman wrote:
On 2/9/11 1:12 PM, Vaughn L. Reid III wrote:
According to page 15 of the reference manual "address learning" is:

Enable or disable MAC address learning for the selected ports. When Enabled, destination and source MAC addresses are automatically listed in the forwarding table. When address learning is Disabled, MAC addresses must be manually entered into the forwarding table. This is sometimes done for reasons of security or efficiency. See the section on Forwarding/Filtering for information on entering MAC addresses into the forwarding table. The default setting is Enabled.

This just means the switch dynamically learns the source MAC of each
attached device. 99.999 percent of all switches on the market have
dynamic MAC learning enabled. This isn't the problem.



One other thing.  I need to note that I have dedicated a CARP interface
on each pfSense box connected to each other via a cross-over cable.

Sorry, I don't completely understand your CARP setup. I too use a
crossover cable between pairs of boxes but that's for pfsync, not CARP.
pfsync migrates table state between pf boxes; CARP is for redundant
sharing of a virtual IP address among multiple pf boxes, and would be of
little use on a network consisting of a crossover cable.

IIRC CARP uses multicast addressing for its keepalive messages. You
might also want to verify that the switch is configured to forward
multicast.

dn

On 2/9/2011 2:35 PM, e...@tm-k.com wrote:
[snip]
Address Learning enabled on the Switch (default setting):
[snip]
Can you briefly explain what 'address learning' is according to D-Link?


---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org
