Cisco Cat6500 & Nokia IP530 Clustering Issues

Unanswered Question
Apr 22nd, 2010
User Badges:

Hi,


We have two sites connected via a 1Gb trunk. There is a cluster of Nokia IP530 firewalls, split between the two site. Everything was working fine until the core switches were changed out on one of the sites (went from a Cisco 4507 to Cat6500 with Sup720).


Since the change, both firewall think they are the "Master". We have verrified L2 & L3 conenctivity - all looks ok.

We moved the Nokia off the 6500 and moved it to the same site as the other Nokia (these sit on Cisco 4506E with Sup6)....clustering works fine when they are on the same site.



Here the general port configuration that works on the 4506E

!
interface GigabitEthernet6/46
description TEMP_NOKIA_HB
switchport access vlan 202
switchport mode access
switchport nonegotiate
speed 100
duplex full
spanning-tree portfast
!

On the Cisco 6500, we are using the following general configuration....

!

interface GigabitEthernet8/47
description NOKIA_HB
switchport
switchport access vlan 202
switchport mode access
switchport nonegotiate
speed 100
duplex full
spanning-tree portfast edge
end


I believe that both the firewalls are set to use Unicast for clustering, however when I put a sniffer on the directly on the FW Heart Beat port, I noticed alot of Multicast traffic... On both sites, the port connecting to the Nokia Heartbeat port is receining M/cast traffic.


We've moved the firewalls back into one site to maintain redundancy.


My next step is to put a sniffer on the one segment to view a "normal" cluster establishment.


Does anyone have any insights in regard to this issue?


Thanks


Simon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Thu, 04/22/2010 - 04:50
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Simon


Are the 2 firewalls in the same vlan ? If so and they are multicasting have a look at the attached doc which covers a common multicast issue when source and receivers are on different switches.


Jon

swatkins Thu, 04/22/2010 - 05:10
User Badges:

Jon,


Yes the Nokia Heart Beat interfaces are in the same L2 VLAN.


Thanks for the information - will review and post up the results.


Regards


Simon

Actions

This Discussion

Related Content