Giulio Ferro wrote:
I finally got the problem, and it had nothing to do either with vlans or with carp.

The firewall I was setting up was meant to replace an existing freebsd firewall
which didn't use vlans (it had a lot of nics).
The problem was that the network port where our ISP brings the internet connection
still had the old aliased mac addresses in its arp cache.

Thank you Giulio (is it Gio?)... for replying to everyone with a definitive conclusion. That's fantastic for the followers of the thread, but the archives as well.

For some reason when I plugged in the new firewall, only the base non-aliased address was updated in the ISP switch arp cache (if someone can throw a guess at why, I'm eager to listen).

Well, you need to know what type of switch they had upstream, and why they weren't updating their ARP cache dynamically properly. Perhaps because their cache ttl was too long (due to the type of hardware, or administrative setting).

I almost have to assume it wasn't a Cisco... only because I would have expected different behavior (less administrative setting) (this is my personal experience...I'm not trying to favour a brand in any way).

Perhaps you could ask them to provide the command they issued to determine how they found the problem. Better yet, ask what type of device your box is connected to at their end of the VLAN.

If you can find out what device they have at their end, it may almost be possible to non-destructively, and non-corruptively 'force' them to clear arp-cache remotely, and at the same time provide advice to the non-unscrupulous people who may run into this in the future.

I'd be just as interested to know what they had at their end for hardware, as I have been waiting to hear what your resolution was throughout your time-consuming troubleshooting...

Steve
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net