E. M. Recio <[EMAIL PROTECTED]> wrote:
>
> The problem is that when we lose one interface, it does not pull the
> other interfaces over with it.  However, if I unplug the cable, or
> shut down the port, the Nokias fail over from primary to secondary OK.

This sounds like VRRP, working as designed.

> For example, we lost our DMZ switch recently.  The switch was dead,
> but because the Nokia is plugged into another switch in between (which
> was OK) there was a link light still on all three Nokia interfaces.
> The problem is that the DMZ interface was the only one to switch over
> to the secondary Nokia, but none of the other ones did.

The Primary device only uses its interface link status to decide what to
do.  It sees all of its interfaces have link, so it advertises with full
priority on all of them.  It does not know that it cannot reach the
required subnet due to an intermediate switch failure.

The Secondary device uses link status, and also listens for VRRP
advertisements from the Primary.  When the intermediate switch fails,
the Secondary no longer hears the advertisements from the Primary, so it
becomes master on that interface.  However, it does continue to receive
advertisements from the Primary on its other interfaces, so it cannot
take over those interfaces.

Do you believe that the Secondary should have decided, on its own, to
raise its priority over and above the Primary's so as to take over as
VRRP master?  VRRP does not really work that way.

-- 
David DeSimone == Network Admin == [EMAIL PROTECTED]
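
The behaviour described in the reply above, as a simplified model added here (an illustration, not code from the thread or from the vendor). It compares an unplugged cable with a dead switch beyond a healthy one; the priorities, the per-interface priority reduction and the interface names are assumed values.

```python
# Simplified model of per-interface VRRP election with link monitoring.
# Priorities, the delta and the interface names are constructed values.
from dataclasses import dataclass, field

IFACES = ("internal", "external", "dmz")

@dataclass
class Router:
    name: str
    base_priority: int
    delta: int = 10  # assumed priority reduction per interface without link
    link: dict = field(default_factory=lambda: {i: True for i in IFACES})

    def priority(self):
        # Link state is the only local health input: each interface without
        # link lowers the priority advertised on every interface.
        down = sum(1 for up in self.link.values() if not up)
        return self.base_priority - self.delta * down

def masters(primary, backup, path_ok):
    """Return {iface: set of router names acting as VRRP master}.

    path_ok[iface] is False when advertisements cannot cross that segment,
    e.g. a dead switch beyond the one each router is plugged into.
    """
    result = {}
    for iface in IFACES:
        live = [r for r in (primary, backup) if r.link[iface]]
        if len(live) == 2 and path_ok[iface]:
            # Both hear each other: highest advertised priority wins.
            live = [max(live, key=lambda r: r.priority())]
        # Otherwise each router with link hears no peer and claims master.
        result[iface] = {r.name for r in live}
    return result

def scenario(unplugged=None, dead_segment=None):
    primary, backup = Router("primary", 100), Router("secondary", 95)
    if unplugged:
        primary.link[unplugged] = False
    path_ok = {i: i != dead_segment for i in IFACES}
    return masters(primary, backup, path_ok)

if __name__ == "__main__":
    print("cable unplugged:", scenario(unplugged="dmz"))
    print("switch dead    :", scenario(dead_segment="dmz"))
```

With the cable unplugged the secondary becomes master on all three interfaces; with the switch dead, both devices claim master on the DMZ while the primary stays master on the other two.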
