Netgate Discussion Forum

    VIP is set as Master on both nodes.

    HA/CARP/VIPs
    • sterfry1988

      Hi All,

      I have 2 firewalls. I have the LAN interface set up successfully with CARP. FW1 is set as MASTER and FW2 is set up as backup. The weird issue I am having is that I made a new VIP (10.1.0.1) for one of my VLANs and it is set to MASTER on both FW1 and FW2.

      Here are the settings on each FW.
      http://imgur.com/a/iuv9r

      The main problem is getting assigned DHCP addresses on VLAN101 but I think it's all related.

      Here is the system log from FW1 regarding DHCP:

      Oct 10 15:31:09	dhcpd: DHCPINFORM from 10.0.0.26 via bce1
      Oct 10 15:31:09	dhcpd: DHCPACK to 10.0.0.26 (f0:de:f1:5a:27:21) via bce1
      Oct 10 15:31:15	dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
      Oct 10 15:31:23	dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
      Oct 10 15:31:27	dhcpd: DHCPREQUEST for 10.0.0.62 from 10:dd:b1:de:45:30 via bce1
      Oct 10 15:31:27	dhcpd: DHCPACK on 10.0.0.62 to 10:dd:b1:de:45:30 via bce1
      Oct 10 15:31:32	dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
      Oct 10 15:31:40	dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
      Oct 10 15:31:49	dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
      Oct 10 15:32:58	dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
      Oct 10 15:33:00	dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
      Oct 10 15:33:03	dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
      Oct 10 15:33:08	dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
      Oct 10 15:33:17	dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
      Oct 10 15:33:20	dhcpd: DHCPREQUEST for 172.16.0.4 from 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan501
      Oct 10 15:33:20	dhcpd: DHCPACK on 172.16.0.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan501
      Oct 10 15:33:20	dhcpd: DHCPREQUEST for 10.4.0.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan401
      Oct 10 15:33:20	dhcpd: DHCPACK on 10.4.0.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan401
      Oct 10 15:33:21	dhcpd: DHCPREQUEST for 10.4.1.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan411
      Oct 10 15:33:21	dhcpd: DHCPACK on 10.4.1.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan411
      Oct 10 15:33:21	dhcpd: DHCPREQUEST for 10.3.0.8 from 00:0f:7d:0e:c8:f0 via bce1_vlan301
      Oct 10 15:33:21	dhcpd: DHCPACK on 10.3.0.8 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan301
      Oct 10 15:33:21	dhcpd: DHCPREQUEST for 10.3.1.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan311
      Oct 10 15:33:21	dhcpd: DHCPACK on 10.3.1.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan311
      Oct 10 15:33:21	dhcpd: DHCPREQUEST for 192.168.1.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan601
      Oct 10 15:33:21	dhcpd: DHCPACK on 192.168.1.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan601
      Oct 10 15:33:21	dhcpd: DHCPREQUEST for 10.2.0.6 from 00:0f:7d:0e:c8:f0 via bce1_vlan201
      Oct 10 15:33:21	dhcpd: DHCPACK on 10.2.0.6 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan201
      Oct 10 15:33:21	dhcpd: DHCPREQUEST for 192.168.10.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan610
      Oct 10 15:33:21	dhcpd: DHCPACK on 192.168.10.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan610
      Oct 10 15:33:22	dhcpd: DHCPREQUEST for 192.168.3.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan603
      Oct 10 15:33:22	dhcpd: DHCPACK on 192.168.3.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan603
      Oct 10 15:33:22	dhcpd: DHCPREQUEST for 192.168.4.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan604
      Oct 10 15:33:22	dhcpd: DHCPACK on 192.168.4.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan604
      Oct 10 15:33:22	dhcpd: DHCPREQUEST for 192.168.2.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan602
      Oct 10 15:33:22	dhcpd: DHCPACK on 192.168.2.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan602
      Oct 10 15:33:22	dhcpd: DHCPREQUEST for 192.168.5.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan605
      Oct 10 15:33:22	dhcpd: DHCPACK on 192.168.5.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan605
      Oct 10 15:33:22	dhcpd: DHCPREQUEST for 192.168.6.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan606
      Oct 10 15:33:22	dhcpd: DHCPACK on 192.168.6.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan606
      Oct 10 15:33:22	dhcpd: DHCPREQUEST for 192.168.7.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan607
      Oct 10 15:33:22	dhcpd: DHCPACK on 192.168.7.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan607
      Oct 10 15:33:22	dhcpd: DHCPREQUEST for 192.168.8.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan608
      Oct 10 15:33:22	dhcpd: DHCPACK on 192.168.8.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan608
      Oct 10 15:33:22	dhcpd: DHCPREQUEST for 192.168.9.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan609
      Oct 10 15:33:22	dhcpd: DHCPACK on 192.168.9.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan609
      Oct 10 15:33:25	dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
      Oct 10 15:33:34	dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
      Oct 10 15:33:42	dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
      Oct 10 15:33:47	dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
      Oct 10 15:33:49	dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
      Oct 10 15:33:51	dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
      Oct 10 15:33:55	dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
      Oct 10 15:34:04	dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
      Oct 10 15:34:12	dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
      

      Here is the DHCP status page from FW2:

      http://imgur.com/M5a1AEY

      Any help would be appreciated.

      ![Screen Shot 2013-10-10 at 3.35.15 PM.png](/public/imported_attachments/1/Screen Shot 2013-10-10 at 3.35.15 PM.png)

      • sterfry1988

        I wanted to add that both my Firewalls are plugged into the same Cisco switch. The port configuration of the two ports is this:

        
        interface GigabitEthernet0/49
         switchport trunk encapsulation dot1q
         switchport trunk allowed vlan 1,101,201,301,311,401,411,501,601-610
         switchport mode trunk
        !
        interface GigabitEthernet0/50
         switchport trunk encapsulation dot1q
         switchport trunk allowed vlan 1,101,201,301,311,401,411,501,601-610
         switchport mode trunk
        !
        
        

        Could this cause any issues?

        • miloman

          Your switch config is fine…

          Can you ping between FW1 and FW2 on VLAN101?

          • sterfry1988

            I cannot get on VLAN101 due to DHCP not working at the moment. When I try to ping from the WebGUI from FW1 VLAN101 to 10.1.0.3 (FW2 VLAN101 interface), it does not work. I am able to ping the VIP from both firewalls.

            • sterfry1988

              If I remove the VIP (10.1.0.1) from the DNS option on the DHCP server settings page, I am able to get onto VLAN101. I am not able to ping FW2 from FW1 when doing this.

              ![Screen Shot 2013-10-11 at 7.59.27 AM.png](/public/imported_attachments/1/Screen Shot 2013-10-11 at 7.59.27 AM.png)
              ![Screen Shot 2013-10-11 at 7.59.15 AM.png](/public/imported_attachments/1/Screen Shot 2013-10-11 at 7.59.15 AM.png)

              • sterfry1988

                I took a tcpdump of both interfaces. Does this look normal?

                FW1

                00:00:00.000000 IP 10.1.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 2s, length 36
                00:00:02.001079 IP 10.1.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 2s, length 36
                00:00:02.001082 IP 10.1.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 2s, length 36
                00:00:02.001087 IP 10.1.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 2s, length 36
                00:00:02.001082 IP 10.1.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 2s, length 36
                00:00:02.001081 IP 10.1.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 2s, length 36
                00:00:02.001085 IP 10.1.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 2s, length 36
                
                

                FW2

                
                tcpdump -i bce1_vlan101 -ttt -n proto CARP
                tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
                listening on bce1_vlan101, link-type EN10MB (Ethernet), capture size 96 bytes
                00:00:00.000000 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36
                00:00:02.392089 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36
                00:00:02.392086 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36
                00:00:02.392088 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36
                00:00:02.392089 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36
                00:00:02.392089 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36
                00:00:02.392093 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36
                00:00:02.392085 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36
                00:00:02.392089 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36
                
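Added example (not part of the original thread and not pfSense code): a small parser that reads each node's tcpdump output in the format posted above and reports any VHID on which more than one node is advertising, together with the nodes whose capture contains only their own advertisements. The function names and the `ADDRS` mapping are assumptions made for the illustration.

```python
import re

# tcpdump printed the CARP advertisements above with its VRRP decoder:
# "vrid" is the CARP VHID and "prio" carries the advskew (lower value wins).
ADVERT = re.compile(r"IP (\d+\.\d+\.\d+\.\d+) > 224\.0\.0\.18: VRRPv2, "
                    r"Advertisement, vrid (\d+), prio (\d+)")

def senders_by_vrid(capture):
    """Return {vrid: {source_ip: prio}} for one node's tcpdump output."""
    seen = {}
    for line in capture.splitlines():
        m = ADVERT.search(line)
        if m:
            seen.setdefault(int(m.group(2)), {})[m.group(1)] = int(m.group(3))
    return seen

def dual_master_report(captures, local_ip):
    """captures: {node: tcpdump text}; local_ip: {node: its interface address}.
    Only a MASTER advertises, so a VRID with two advertising sources has two
    masters. A node whose capture holds only its own packets is not receiving
    the peer's multicast, which is why it never demotes itself to BACKUP."""
    sources, deaf = {}, {}
    for node, text in captures.items():
        for vrid, senders in senders_by_vrid(text).items():
            sources.setdefault(vrid, set()).update(senders)
            if set(senders) == {local_ip[node]}:
                deaf.setdefault(vrid, []).append(node)
    return {vrid: {"masters": sorted(srcs),
                   "hears_only_itself": sorted(deaf.get(vrid, []))}
            for vrid, srcs in sources.items() if len(srcs) > 1}

# Two lines per node, copied from the captures posted in the thread.
FW1 = """\
00:00:00.000000 IP 10.1.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 2s, length 36
00:00:02.001079 IP 10.1.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 2s, length 36
"""
FW2 = """\
00:00:00.000000 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36
00:00:02.392089 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36
"""
ADDRS = {"FW1": "10.1.0.2", "FW2": "10.1.0.3"}

if __name__ == "__main__":
    print(dual_master_report({"FW1": FW1, "FW2": FW2}, ADDRS))
```

An empty result means only one source is advertising per VHID, which is what a working MASTER/BACKUP pair looks like on the wire.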