In answer to Question 1: The DR is normally different on each interface because each interface is a seperate subnet and unless there is a router that has interfaces on both subnets and is using a loopback ip address as the router id, you will have separate DRs on each interface. All the DR does is to send out the appropriate ospf info so that other routers on that subnet that are participating in OSPF do not have to. Is there a reason that you want to use a common DR?
In answer to Q2. I noted in the pix 6.3 command reference that the way to set the ospf priority is to do it on an interface basis. Below is a snippet from the pix 6.3 command reference. The parameter that you are interested in is the ospf priority, the default is 1, set it higher to make sure that the pix has a higher value than other ospf routers on that subnet. Note that making the number higher will not automatically let the PIX become the DR, to do that you need to restart the ospf processes on the DR and backup DR (BDR) routers. That will force an election and the pix will win with the higher number.
I hope this info was useful. Let me know if I can help further.
Configures interface-specific OSPF routing parameters. This command is the main command for all OSPF interface submode commands. (Use the router ospf command to configure global parameters and to enable OSPF routing through the firewall.) OSPF routing is not supported on the PIX501.
yes theres a reason...coz i have 2 L3 connected thru fiber...each L3 is vlanded..the other end has got firewall which is connected to the internet..the L3 on that firewall side has got 3 vlans..one of the vlans on this side has got different dr than the other 2..this particular vlan is having a problem on mapping the server drives which resides on the other L3...What ive done temporarily is configure a low router id so as not to be elected as dr, reboot my L3, and there it goes. All of the vlans now on my L3 has a common DR and the problem is rectified...Well, any other solution is welcome..Mine is jus temporary still.
Are you using the pix only to control access to and from the Internet? Or are you using it as an internal firewall too? I.E. does the vlan traffic from one layer 3 switch destined for another vlan, on the same or the other L3 switch, pass thru the pix?
The reason I ask is that if the PIX is only used for external connectivity then you may want to consider creating two ospf areas on the l3 switch that the pix is connected to, and move the pix to the 2nd area, lets call it area 1. Then on the L3 switch you can configure another subnet and logical interface where the pix and internet/isp connection reside and move that into that new area. Yes, there would be some pix reconfiguration involved, but it would isolate changes in one ospf area from others
By separating the pix into a different area, all user vlans would still share the same DR router, which would be the L3 switch.
From what you have described and shown, am I correct in understanding that all pix interfaces terminate on the same layer 3 switch, along with isp connectivity and the users? And that the other L3 switch (the leftmost one in your diagram) is where the servers sit?
I also assume that becasue you are using layer 3 switches, that the switch's routing interface is the default gateway for each station on the vlans, except for the pix and that the isp connection is on the same vlan as the pix's outside interface. Am I correct in that understanding as well?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...