> Could you send your ifconfig bridge output from both firewalls?
> If STP is turned off on the four switch ports that the firewalls are
> patched, one of the two firewalls must be root of the spanning tree.
I believe if you don't specify 'stp' in the rc.conf ifconfig statement, FreeBSD by default sets the bridge as 'rstp':

sdh-fw# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:1b:21:23:5e:34
        inet x.x.x.x netmask 0xffffffc0 broadcast x.x.x.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:0b:cd:82:19:d3
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
bge1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
        ether 00:0b:cd:82:19:c0
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33200
pfsync0: flags=0<> metric 0 mtu 1460
        syncpeer: 224.0.0.240 maxupd: 128
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 06:c7:a9:50:41:17
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: bge1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 55
        member: bge0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 55

> Be sure that STP is *really* turned off on the switch, use tcpdump on the
> physical ports for this.

Should I just turn off STP for every port on the switch or just the ports connected to the bridge?
> Be sure that the FreeBSD's BPDUs are forwarded by the switch, so the one
> bridging firewall can exchange BPDUs with the other.

I see now. I will try this again and tcpdump on the non-active firewall when I manually fail over during my next test.

Thank you very much for clarifying!

~k
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
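The two checks the quoted replies ask for, whether STP is actually running on the bridge members and which bridge is root, plus the capture to run on the physical ports, as an added example that is not part of the thread. The script parses constructed `ifconfig bridge0` output modelled on the format in the post (sample 1 copies the posted bridge0; samples 2 and 3, with the STP member flag set and a root id that does or does not match the bridge's own id, are constructed). The `proto rstp` field alone does not tell you STP is running: that is the bridge's protocol setting, and a member only takes part once its flags carry STP, which the classifier below keys on. The tcpdump filter and the rc.conf syntax in the usage note are taken from tcpdump(8) and ifconfig(8), not from the thread.

```shell
#!/bin/sh
# Added example: classify a FreeBSD bridge's STP state from `ifconfig bridge0`
# output. All three samples below are constructed from the post's format.

# Constructed sample 1: the posted bridge0. No member line carries the STP flag.
BRIDGE_NOSTP='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 06:c7:a9:50:41:17
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: bge1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 55
        member: bge0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 55'

# Constructed sample 2: STP enabled on both members and the bridge id equals
# the root id, i.e. this firewall won the election.
BRIDGE_ROOT='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 06:c7:a9:50:41:17
        id 00:0b:cd:82:19:c0 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
        root id 00:0b:cd:82:19:c0 priority 32768 ifcost 0 port 0
        member: bge1 flags=147<LEARNING,DISCOVER,STP,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 55
        member: bge0 flags=147<LEARNING,DISCOVER,STP,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 55'

# Constructed sample 3: same, but another bridge id (the peer firewall or a
# switch that still runs STP) is root.
BRIDGE_NONROOT=$(printf '%s\n' "$BRIDGE_ROOT" \
    | sed 's/root id 00:0b:cd:82:19:c0/root id 00:0b:cd:82:19:d3/')

# Protocol the bridge is set to (stp or rstp). This is a setting, not proof
# that any port participates.
bridge_proto() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "proto") print $(i + 1) }'
}

# The bridge's own id and the id it currently believes is root.
bridge_id()      { printf '%s\n' "$1" | awk '$1 == "id" { print $2 }'; }
bridge_root_id() { printf '%s\n' "$1" | awk '$1 == "root" && $2 == "id" { print $3 }'; }

# Members that actually run STP: the STP flag inside flags=...<...> on the
# "member:" line. Matched with delimiters so a flag merely containing "STP"
# would not count.
stp_members() {
    printf '%s\n' "$1" | awk '$1 == "member:" && $3 ~ /[<,]STP[,>]/ { print $2 }'
}

# inactive: no member runs STP, so no BPDUs are sent and no root exists;
# root: this bridge won the election; nonroot: something else is root.
bridge_stp_state() {
    if [ -z "$(stp_members "$1")" ]; then
        echo inactive
    elif [ "$(bridge_id "$1")" = "$(bridge_root_id "$1")" ]; then
        echo root
    else
        echo nonroot
    fi
}

# Capture to run on a physical member port. BPDUs are sent to the IEEE 802.1D
# group address 01:80:c2:00:00:00; -e prints the source MAC so you can tell
# the peer firewall's BPDUs (wanted, the switch is forwarding them) from the
# switch's own (STP is not really off on that port).
bpdu_capture_cmd() {
    printf 'tcpdump -eni %s -c 5 ether dst 01:80:c2:00:00:00\n' "$1"
}

# Stand-alone run: report each sample, then the capture command for bge0.
for sample in "$BRIDGE_NOSTP" "$BRIDGE_ROOT" "$BRIDGE_NONROOT"; do
    printf 'proto=%s id=%s root=%s stp_members=[%s] state=%s\n' \
        "$(bridge_proto "$sample")" "$(bridge_id "$sample")" \
        "$(bridge_root_id "$sample")" \
        "$(stp_members "$sample" | tr '\n' ' ')" "$(bridge_stp_state "$sample")"
done
bpdu_capture_cmd bge0
```

On a live box replace the sample with `"$(ifconfig bridge0)"`. Sample 1, the posted output, classifies as inactive: the members have no STP flag, so the bridge will neither send BPDUs nor elect a root whatever `proto` says. To make the members participate from rc.conf, ifconfig(8) takes `stp <member>` on the bridge, e.g. `ifconfig_bridge0="addm bge0 addm bge1 stp bge0 stp bge1 up"` (assumed configuration, not from the thread). Run the capture command on the same physical port on both firewalls during the failover test to see whether the switch passes the peer's BPDUs through.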