I think I encountered an issue when doing a failover test.
My 1st scenario is to shutdown/disable interface 3/1/3 in CS-A.
The result of "show chassis cluster status" is as expected, but ping to 188.8.131.52 is RTO.
Kindly need your assistance on how to make 184.108.40.206 reachable when SRX-A is down.
Attached is my configuration file.
Looking at the diagram, I suspect that the cluster did not failover to node b with the loss of the link on node a to cs A.
When the link is down, run this to verify:
show chassis cluster status
In a standard active/passive cluster the links on the passive device do not accept or pass traffic.
They are in standby mode.
So the key is to have things set in a way that when failures to/from the active node occur they cause the cluster to failover to the passive device and allow the traffic.
Please find the result of "show chassis cluster status" before and after I shutdown/disable the interface 3/1/3 in CS A:

root@FW03> show chassis cluster status
Cluster ID: 1
Node      Priority  Status     Preempt  Manual failover

Redundancy group: 0 , Failover count: 1
node0     200       primary    no       no
node1     100       secondary  no       no

Redundancy group: 1 , Failover count: 155
node0     200       primary    yes      no
node1     100       secondary  yes      no

Redundancy group: 1 , Failover count: 156
node0     0         secondary  yes      no
node1     100       primary    yes      no
The cluster looks to be failing over correctly, then.
When the reth interfaces switch over, they issue a GARP to take control of the reth IP address.
Can you verify the MAC address moves to the associated port on both swb and cs b during the switchover event?
Unfortunately, when I do the failover, I cannot reach 220.127.116.11.
I think the issue will be with how HSRP works on the switch ports.
The SRX cluster works using redundant ethernet standard for failover.
So both ports are up/up but only the active port is passing traffic.
On the HSRP side, since the primary port is still up but the failover has occurred, your VIP address still remains on the SRX A port, but that port is now no longer passing traffic.
Can you move the ip addresses on the switches to virtual interfaces instead of the physical ones?
In Juniper this would be irb.x or vlan.x format. I'm not sure what the Cisco equivalent is.
On the switch side, all are configured using interface vlan.
The switches' physical ports are only configured in access mode, with the connection between the switches configured as a trunk.