VIP is set as Master on both nodes.
-
Hi All,
I have 2 Firewalls. I have the LAN interface setup successfully with CARP. FW1 is set as MASTER and FW2 is setup as backup. The weird issue I am having is I made a new VIP(10.1.0.1) For one of my vlans and it is set to MASTER on both FW1 and FW2.
Here are the settings on each FW.
http://imgur.com/a/iuv9rThe main problem is getting assigned DHCP addresses on VLAN101 but I think it's all related.
Here is the system log from FW1 regarding DHCP
Oct 10 15:31:09 dhcpd: DHCPINFORM from 10.0.0.26 via bce1 Oct 10 15:31:09 dhcpd: DHCPACK to 10.0.0.26 (f0:de:f1:5a:27:21) via bce1 Oct 10 15:31:15 dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering) Oct 10 15:31:23 dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering) Oct 10 15:31:27 dhcpd: DHCPREQUEST for 10.0.0.62 from 10:dd:b1:de:45:30 via bce1 Oct 10 15:31:27 dhcpd: DHCPACK on 10.0.0.62 to 10:dd:b1:de:45:30 via bce1 Oct 10 15:31:32 dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering) Oct 10 15:31:40 dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering) Oct 10 15:31:49 dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering) Oct 10 15:32:58 dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering) Oct 10 15:33:00 dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering) Oct 10 15:33:03 dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering) Oct 10 15:33:08 dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering) Oct 10 15:33:17 dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering) Oct 10 15:33:20 dhcpd: DHCPREQUEST for 172.16.0.4 from 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan501 Oct 10 15:33:20 dhcpd: DHCPACK on 172.16.0.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan501 Oct 10 15:33:20 dhcpd: DHCPREQUEST for 10.4.0.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan401 Oct 10 15:33:20 dhcpd: DHCPACK on 10.4.0.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan401 Oct 10 15:33:21 dhcpd: DHCPREQUEST for 10.4.1.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan411 Oct 10 15:33:21 dhcpd: DHCPACK on 10.4.1.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan411 Oct 10 15:33:21 dhcpd: DHCPREQUEST for 10.3.0.8 from 00:0f:7d:0e:c8:f0 via bce1_vlan301 Oct 10 15:33:21 dhcpd: DHCPACK on 10.3.0.8 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan301 Oct 10 15:33:21 dhcpd: DHCPREQUEST for 10.3.1.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan311 Oct 10 15:33:21 dhcpd: DHCPACK on 10.3.1.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan311 Oct 10 15:33:21 dhcpd: DHCPREQUEST for 192.168.1.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan601 Oct 10 15:33:21 dhcpd: DHCPACK on 192.168.1.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan601 Oct 10 15:33:21 dhcpd: DHCPREQUEST for 10.2.0.6 from 00:0f:7d:0e:c8:f0 via bce1_vlan201 Oct 10 15:33:21 dhcpd: DHCPACK on 10.2.0.6 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan201 Oct 10 15:33:21 dhcpd: DHCPREQUEST for 192.168.10.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan610 Oct 10 15:33:21 dhcpd: DHCPACK on 192.168.10.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan610 Oct 10 15:33:22 dhcpd: DHCPREQUEST for 192.168.3.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan603 Oct 10 15:33:22 dhcpd: DHCPACK on 192.168.3.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan603 Oct 10 15:33:22 dhcpd: DHCPREQUEST for 192.168.4.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan604 Oct 10 15:33:22 dhcpd: DHCPACK on 192.168.4.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan604 Oct 10 15:33:22 dhcpd: DHCPREQUEST for 192.168.2.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan602 Oct 10 15:33:22 dhcpd: DHCPACK on 192.168.2.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan602 Oct 10 15:33:22 dhcpd: DHCPREQUEST for 192.168.5.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan605 Oct 10 15:33:22 dhcpd: DHCPACK on 192.168.5.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan605 Oct 10 15:33:22 dhcpd: DHCPREQUEST for 192.168.6.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan606 Oct 10 15:33:22 dhcpd: DHCPACK on 192.168.6.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan606 Oct 10 15:33:22 dhcpd: DHCPREQUEST for 192.168.7.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan607 Oct 10 15:33:22 dhcpd: DHCPACK on 192.168.7.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan607 Oct 10 15:33:22 dhcpd: DHCPREQUEST for 192.168.8.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan608 Oct 10 15:33:22 dhcpd: DHCPACK on 192.168.8.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan608 Oct 10 15:33:22 dhcpd: DHCPREQUEST for 192.168.9.4 from 00:0f:7d:0e:c8:f0 via bce1_vlan609 Oct 10 15:33:22 dhcpd: DHCPACK on 192.168.9.4 to 00:0f:7d:0e:c8:f0 (ETT-XIR4-5) via bce1_vlan609 Oct 10 15:33:25 dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering) Oct 10 15:33:34 dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering) Oct 10 15:33:42 dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering) Oct 10 15:33:47 dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering) Oct 10 15:33:49 dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering) Oct 10 15:33:51 dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering) Oct 10 15:33:55 dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering) Oct 10 15:34:04 dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering) Oct 10 15:34:12 dhcpd: DHCPDISCOVER from 10:dd:b1:de:45:30 via bce1_vlan101: not responding (recovering)
here is the DHCP status page from FW2
http://imgur.com/M5a1AEY
Any help would be appreciated.
![Screen Shot 2013-10-10 at 3.35.15 PM.png](/public/imported_attachments/1/Screen Shot 2013-10-10 at 3.35.15 PM.png)
![Screen Shot 2013-10-10 at 3.35.15 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2013-10-10 at 3.35.15 PM.png_thumb) -
I wanted to add that both my Firewalls are plugged into the same Cisco switch. The port configuration of the two ports is this:
interface GigabitEthernet0/49 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,101,201,301,311,401,411,501,601-610 switchport mode trunk ! interface GigabitEthernet0/50 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,101,201,301,311,401,411,501,601-610 switchport mode trunk !
Could this cause any issues ?
-
your switch config is fine…
can you ping between fw1 and fw2 on vlan101?
-
I can not get on VLAN101 due to DHCP not working at the moment. When I try to ping from the WebGUI From FW1 VLAN101 to 10.1.0.3(FW2 VLAN101 interface) it does not work. I am able to ping the VIP from both firewalls.
-
If I remove the VIP(10.1.0.1) from the DNS option on the DHCP server settings page I am able to get onto VLAN101 I am not able to ping FW2 from FW1 when doing this.
![Screen Shot 2013-10-11 at 7.59.27 AM.png](/public/imported_attachments/1/Screen Shot 2013-10-11 at 7.59.27 AM.png)
![Screen Shot 2013-10-11 at 7.59.27 AM.png_thumb](/public/imported_attachments/1/Screen Shot 2013-10-11 at 7.59.27 AM.png_thumb)
![Screen Shot 2013-10-11 at 7.59.15 AM.png](/public/imported_attachments/1/Screen Shot 2013-10-11 at 7.59.15 AM.png)
![Screen Shot 2013-10-11 at 7.59.15 AM.png_thumb](/public/imported_attachments/1/Screen Shot 2013-10-11 at 7.59.15 AM.png_thumb) -
I took a tcpdump of both interfaces does this look normal?
FW1
00:00:00.000000 IP 10.1.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 2s, length 36 00:00:02.001079 IP 10.1.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 2s, length 36 00:00:02.001082 IP 10.1.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 2s, length 36 00:00:02.001087 IP 10.1.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 2s, length 36 00:00:02.001082 IP 10.1.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 2s, length 36 00:00:02.001081 IP 10.1.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 2s, length 36 00:00:02.001085 IP 10.1.0.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype none, intvl 2s, length 36
FW2
tcpdump -i bce1_vlan101 -ttt -n proto CARP tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on bce1_vlan101, link-type EN10MB (Ethernet), capture size 96 bytes 00:00:00.000000 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36 00:00:02.392089 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36 00:00:02.392086 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36 00:00:02.392088 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36 00:00:02.392089 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36 00:00:02.392089 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36 00:00:02.392093 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36 00:00:02.392085 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36 00:00:02.392089 IP 10.1.0.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype none, intvl 2s, length 36