On Tue, Apr 28, 2009 at 11:17:04AM +0300, Yordan Boikov wrote:
> Hi,
>
> we have two SSG 520M firewalls and two ex4200 switches
>
>
> [ SSG520M fw1 ][eth1/7] ----- [ge-0/0/3][ ex4200 sw1
> ][ge-0/1/2]===trunk===[ge-0/1/2][ ex4200 sw2 ][ge-0/0/3] ----
> [eth1/7][ SSG520M fw2 ]
>
> I want to configure HA between fw1 and fw2
> the problem is that sw2 doesn't see fw1
>
> sw1>show ethernet-switching table vlan ha-vlan
> Ethernet-switching table: 2 unicast entries
>   VLAN      MAC address        Type   Age  Interfaces
>   ha-vlan   *                  Flood    -  All-members
>   ha-vlan   00:22:83:88:38:15  Learn    0  ge-0/0/3.0
>   ha-vlan   00:22:83:88:3f:15  Learn    0  ge-0/1/2.0
>
> sw2> show ethernet-switching table vlan ha-vlan
> Ethernet-switching table: 1 unicast entries
>   VLAN      MAC address        Type   Age  Interfaces
>   ha-vlan   *                  Flood    -  All-members
>   ha-vlan   00:22:83:88:3f:15  Learn    0  ge-0/0/3.0
>
>
> both switches have same config and same junos version.
> IGMP snooping is disabled for all VLANs

Two things to check:

1) The trunk connecting ge-0/1/2.0 to ge-0/1/2 needs to permit ha-vlan
   on both switches.

2) Have you renamed or changed the tag on ha-vlan on sw2? If so, there
   is a bug on the ex4200 that prevents reliable learning of MAC addrs.
   Delete ha-vlan, commit, recreate ha-vlan, and then try again.

Remember to enable active NSRP HA probing with a setup like this. It's
also useful to pick a production interface as an NSRP secondary path.

--
Ross Vandegrift
r...@kallisti.us

"If the fight gets hot, the songs get hotter. If the going gets tough,
the songs get tougher."
        --Woody Guthrie
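
Added example (not part of the original thread): a small Python check that compares the two `show ethernet-switching table` outputs quoted above and lists MACs one switch learned on an access port that the other switch has not learned at all. The function names and the choice of ge-0/1/2.0 as the trunk are assumptions taken from the diagram in the post.

```python
import re

# Table rows copied from the post above, used here as sample input.
SW1 = """\
VLAN      MAC address        Type   Age  Interfaces
ha-vlan   *                  Flood    -  All-members
ha-vlan   00:22:83:88:38:15  Learn    0  ge-0/0/3.0
ha-vlan   00:22:83:88:3f:15  Learn    0  ge-0/1/2.0
"""
SW2 = """\
VLAN      MAC address        Type   Age  Interfaces
ha-vlan   *                  Flood    -  All-members
ha-vlan   00:22:83:88:3f:15  Learn    0  ge-0/0/3.0
"""

# VLAN, MAC, type, age (ignored), interface. Flood rows ("*") do not match.
ROW = re.compile(
    r"^(\S+)\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(\S+)\s+\S+\s+(\S+)$", re.I
)

def learned(table, vlan):
    """Return {mac: interface} for dynamically learned entries in one VLAN."""
    entries = {}
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if m and m.group(1) == vlan and m.group(3).lower() == "learn":
            entries[m.group(2).lower()] = m.group(4)
    return entries

def missing_on_peer(local, peer, trunk):
    """MACs learned locally on a non-trunk port that the peer never learned."""
    return sorted(mac for mac, ifc in local.items()
                  if ifc != trunk and mac not in peer)

def report(vlan="ha-vlan", trunk="ge-0/1/2.0"):
    """Compare both switches in each direction across the trunk."""
    sw1, sw2 = learned(SW1, vlan), learned(SW2, vlan)
    return {
        "sw1_to_sw2": missing_on_peer(sw1, sw2, trunk),
        "sw2_to_sw1": missing_on_peer(sw2, sw1, trunk),
    }

if __name__ == "__main__":
    for direction, macs in report().items():
        print(direction, macs or "ok")
```

On the quoted output, only the sw1-to-sw2 direction reports a gap: the MAC sw1 learned on ge-0/0/3.0 is absent from sw2's table for ha-vlan, which is the symptom both checks in the reply address.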