[FW-1] Simplified VRRP explaination needed with IPSO 4.1 build 19

Wed, 07 Feb 2007 10:12:18 -0800 

Hi All,
   
  I have single Nokia Enforcement module running simplified extended VRRP on 
IPSO 4.1 
  build 19.  I am planning to add  another Nokia Enforcement module later as 
Active/Standby
  configuration.
   
  When I configure simplified VRRP on the nokia, let say the IP address of the 
physical 
  interface is 192.168.1.5/24 and the vrrp ip address is 192.168.1.4.  The VRRP 
mac address
  comes up as follows:
   
  Ip560-1-P[admin]# ifconfig eth-s2p1
eth-s2p1c0:  lname EXTERNAL 
flags=e7<UP,PHYS_AVAIL,LINK_AVAIL,BROADCAST,MULTICAST,AUTOLINK>
        inet mtu 1500
        inet 192.168.1.5/24 broadcast 192.168.1.255
        inet 192.168.1.4/24 broadcast 192.168.1.255 vrrpmac 2:0:5e:c8:59:1
        phys eth-s2p1 flags=4133<UP,LINK,BROADCAST,MULTICAST,PRESENT>
        ether 0:a0:8e:a5:be:c4 speed 1000M full duplex
Ip560-1-P[admin]#
   
  Now I adding another IP address to this interface and reconfigure VRRP and I 
get this:
   
  Ip560-1-P[admin]# ifconfig eth-s2p1
eth-s2p1c0:  lname EXTERNAL 
flags=e7<UP,PHYS_AVAIL,LINK_AVAIL,BROADCAST,MULTICAST,AUTOLINK>
        inet mtu 1500
        inet 192.168.1.5/24 broadcast 192.168.1.255
        inet 192.168.10.5/24 broadcast 192.168.10.255
        inet 192.168.1.4/24 broadcast 192.168.1.255 vrrpmac 2:0:5e:cd:ed:1
        inet 192.168.10.4/24 broadcast 192.168.10.255 vrrpmac 2:0:5e:cd:ed:1
        phys eth-s2p1 flags=4133<UP,LINK,BROADCAST,MULTICAST,PRESENT>
        ether 0:a0:8e:a5:be:c4 speed 1000M full duplex
Ip560-1-P[admin]#
   
  which is what I expected.
   
  Now when I remove 192.168.10.5/24 on the interface and 192.168.10.4 from VRRP 
I get this:
   
  Ip560-1-P[admin]# ifconfig eth-s2p1
eth-s2p1c0:  lname EXTERNAL 
flags=e7<UP,PHYS_AVAIL,LINK_AVAIL,BROADCAST,MULTICAST,AUTOLINK>
        inet mtu 1500 192.168.1.5/24 broadcast 192.168.1.255
        phys eth-s2p1 flags=4133<UP,LINK,BROADCAST,MULTICAST,PRESENT>
        ether 0:a0:8e:a5:be:c4 speed 1000M full duplex
Ip560-1-P[admin]#
   
  Basically, the VRRP mac address for 192.168.1.4 is not in there when I do 
ifconfig eth-s2p1.
  Even if I reboot the box, I still could not get the VRRP mac address back 
unless I go back
  in to VRRP and delete the whole thing and recreate it again.  Only then I see 
the VRRP 
  mac address on interface eth-s2p1.
   
  Is this expected behavior or is it a bug in IPSO 4.1?  Thanks.
   
  cisco4ng




 
---------------------------------
Don't be flakey. Get Yahoo! Mail for Mobile and 
always stay connected to friends.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

Reply via email to