VRRP over sub-interfaces will work well 99% of the time. That being said, I just visited a colleague of mine who is a government contractor and he told me the cisco VoIP apps do not work well with VRRP over sub-interfaces. Specifically, he has Cisco Call Manager and Cisco Unity Servers sitting on one of Nokia sub-interfaces and weird problems happened, calls get dropped for no reasons. After he moved Cisco Call Manager and Unity Servers into a dedicate VLAN of a Nokia physical interface, his VoIP applications start working again. For most Webs applications, VRRP sub-interfaces will work fine. my 2c.
Rajeev Gupta <[EMAIL PROTECTED]> wrote: Thanks to all for your valued inputs! Rajeev On 3/2/06, stéphane bertrand wrote: > Hi, > > No worries, you wont' have any problem dealing with VRRP sub-int. > This subjetct is half about Nokia and half about C.P. > > At CP level, think to add VRRP interface in your topology Object (and > cluster), or you will have 2 Masters Fw (no comment about this > end-of-world situation) > > At the appliance level, just be aware of this fact: > > * If you have already configure the VRRP interface eth-s1-p1-c0, and > after you proceed to the sub-division of the interface, > > * IF you keep the same @IP to eth-s1-p1-c1, you could have an odd VRRP > behavior ! > > => Delete the VRRP interface before !!! (because of the risk of > corruption of the VRRP config file) > > Otherwise in case of VRRP corruption, here is a usefull procedure to > allows you to delete the VRID or the VRRP. > > -------! ! This will interrup connections ! ! ------- > 1- Execute this commande in cd/config/ "sort active > /config/db/fixed" > 2- Edit the file "fixed" and manually delete all the line you need > (for example: > ipsrd:instance:default:vrrp:interface:eth-s1p1-c0;viretualrouter:N°VRID) > 3- Save, > 4- From Voyager; for: "database files currently available", select "Fixed" > 5- Apply + Save > 6- In voyager: "Save new current databse" and delete the "fixed" file > > Enjoy, > Steven > > > 2006/3/1, Rajeev Gupta : > > Hi, > > > > Firewall has just three interfaces - internal/external and a third for > > the sync - internal would be vlan'ed - three sub-interfaces - would > > like to implement VRRP over these sub-interfaces and the internal > > interface. - External's would have normally configured VRRP (obviously > > no vlan's) > > Any experiences if VRRP would gracefully work on the internal > > sub-interfaces in this environment? > > > > Would highly appreciatie your valuable feedback. > > > > Thanks, > > > > Rajeev > > > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= --------------------------------- Yahoo! Mail Bring photos to life! New PhotoMail makes sharing a breeze. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
