On Feb 22, 2011, at 1:20 PM, kevin wrote:
>> There is also the caveat: The switch will probably _not_ forward the STP
>> BPDUs from one port to another.
>
> You were correct -- my initial testing confirmed this. Would the same issue
> arise if I employed a gateway IP on the /bridge/ instead,
>There is also the caveat: The switch will probably _not_ forward the STP
>BPDUs from one port to another.
You were correct -- my initial testing confirmed this. Would the same issue
arise if I employed a gateway IP on the /bridge/ instead, and used CARP as a
failover mechanism? The firewall n
On 2/19/2011 7:32 PM, Tom Judge wrote:
In this setup it does not matter where the root bridge is, each of the
firewalls will always have one port in discarding state as both ports
lead back to the same peer bridge. With states such as:
fw 1 - 1: forwarding
fw 2 - 1: forwarding
fw 1 - 2: discard
>There is also the caveat: The switch will probably _not_ forward the STP
BPDUs from one port to another. This is because if the switch is a properly
>compliant bridge it will not forward the frames as they are marked as link
local ethernet multicast frames which are not allowed to be forwarded by
On 19/02/2011 11:07, kevin wrote:
>> No, you have to specify stp there. The default STP mode is RSTP.
>> If you don't specify stp, you'll get a dumb ethernet bridge.
> Thanks very much for clarification. This helps me immensely. My room for
> testing is limited so this will help me take the right s
On 2/19/2011 6:07 PM, kevin wrote:
One quick last question : would you recommend pfsync in this scenario,
between bridges? I've been hearing a lot of issues with pfsync but I'm not
sure what behavior to expect in a bridging scenario such as this one.
Can't really comment about pfsync as I have
On 2/19/2011 6:11 PM, kevin wrote:
One other thing :
id 00:17:d6:a9:31:e7 priority 16384 hellotime 2 fwddelay 15
And :
root id 00:12:cf:69:e9:ea priority 16384 ifcost 0 port 0
I was under the impression the priority for the root bridge should be a
lower number ?
The priority is checked
One other thing :
> id 00:17:d6:a9:31:e7 priority 16384 hellotime 2 fwddelay 15
And :
> root id 00:12:cf:69:e9:ea priority 16384 ifcost 0 port 0
I was under the impression the priority for the root bridge should be a
lower number ? Would you be able to post your rc.conf bridge entries for
each
>No, you have to specify stp there. The default STP mode is RSTP.
>If you don't specify stp, you'll get a dumb ethernet bridge.
Thanks very much for clarification. This helps me immensely. My room for
testing is limited so this will help me take the right steps necessary.
One quick last question
On 2/19/2011 4:52 PM, Nikos Vassiliadis wrote:
I believe if you don't specify 'stp' in the rc.conf ifconfig statement,
FreeBSD by default sets the bridge as 'rstp' :
Yes, that's correct.
It helps sometimes when you read the actual message before trying to
answer:)
No, you have to specify
On 2/19/2011 4:13 PM, kevin wrote:
Could you send your ifconfig bridge output from both firewalls?
If STP is turned off on the four switch ports that the firewalls are
patched, one of the two firewalls must be root of the spanning tree.
I believe if you don't specify 'stp' in the rc.conf ifco
>Could you send your ifconfig bridge output from both firewalls?
>If STP is turned off on the four switch ports that the firewalls are
>patched, one of the two firewalls must be root of the spanning tree.
I believe if you don't specify 'stp' in the rc.conf ifconfig statement,
FreeBSD by default s
On 2/18/2011 7:49 PM, kevin wrote:
My current testing has shown little promise -- both firewalls will go up,
traffic will only go to the first firewall. If I reboot that first firewall,
no traffic will flow to the second bridging firewall. Note that all IPs on
my network (inside and out) are publ
Hello,
I have a fairly straightforward network in a collocated facility. I have a
FreeBSD PF Bridging firewall (2 interfaces bridged, 1 interface for access).
The FreeBSD 8.0-RELEASE firewall provides inbound filtering through a Dell
PowerConnect 5448 switch, divided into two vlans.
My network i
14 matches