ScreenOS Firewalls (NOT SRX)
Highlighted
ScreenOS Firewalls (NOT SRX)

NSRP Weights on Sub Interfaces

‎03-26-2010 12:20 PM

Hi Guys

 

I need to reconfigure an ISG pair(Active/Standby) so as to create several subinterfaces from one physical interface that is currently being used. Each interface(5 in total) on the firewalls has the default 255 weighting assigned to it. 

 I need to add another switch and zone to the environment so I'm going to hang a new switch off of an existing one, trunk this link between the old and new switch, and also trunk the uplink from the existing switch to the ISG allowing all vlans. 

 

WIll the removal of the L3 config from the physical interface force a failover attempt and thus cause an outage ?

I only want the failure of the existing zone to cause a failure, not the new zones. I plan on setting the other sub.ints to weights that will never force failover, even if both fail at the same time, would this be ok ?

 

I'm hoping that this change can be achieved through mostly cutting and pasting when the new subinterfaces are configured, as I need to keep the outage time to a minimum for the existing zone that will be removed from the physical interface. Would you expect this to be ok.

 

I don't have any ISG's in a lab environment so cannot test any of this in advance, hence I'm hoping you guys can point out any possible problems with my plan.

 

Thanks in advance guys

 

Mooey

1 REPLY 1
Highlighted
ScreenOS Firewalls (NOT SRX)

Re: NSRP Weights on Sub Interfaces

‎03-26-2010 04:33 PM

Hi Mooey

 

My belief is that, as long as youre reconfiguration of the attached interface doesnt' trigger a interface down nothing will happen.

 

 

Regards

Hans
JNCIS-FWV

If this worked for you then please flag my post as an "Accepted Solution" so others can benefit from it. A kudo would be nice if you think I earned it