On 11/19/05, Camiel Dobbelaar <[EMAIL PROTECTED]> wrote:
>
> On Sat, 19 Nov 2005, Ramsey Tantawi wrote:
> > > For a redundant bridge setup you need spanning tree. See "stp" in the
> > > brconfig(8) manpage.
> >
> > I'm using unmanaged switches that don't support STP, so for now I'm out of
> > luck.
>
> No, that's ok. You don't have to run STP on every device, only on the
> ones that might otherwise be able to create a loop.
Ah, I think I get it now. For simple failover to a backup firewall, I would have these bridgename.bridge0 configurations:

Master:

add fxp0
add rl0
stp fxp0
stp rl0
maxage 5
hellotime 2
priority 100
ifcost fxp0 100
ifcost rl0 55
up

Backup:

add fxp0
add rl0
stp fxp0
stp rl0
maxage 5
hellotime 2
priority 50000
ifcost fxp0 100
ifcost rl0 55

This would do the following:

--Enable Spanning Tree Protocol on both interfaces, and set interface cost so rl0 will be the root port on the non-root bridge (the backup). Thus master and backup will communicate on rl0. In normal operation fxp0 would be blocked due to its higher cost.

--Set priority of the primary lower so it will be the root bridge. All interfaces can remain at default priority.

--Set maxage to 5, meaning that the maximum time failover will take is 5 seconds. Explicitly set hellotime to 2 for clarity.

Any errors in the above?

Thanks much,
Ramsey
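The election that the configuration above relies on, worked through as an added example (this is editor-written code, not from the thread and not OpenBSD's bridge(4) implementation): a small 802.1D simulator that takes the posted priorities and ifcost values and reports which port on the backup becomes the root port and which one blocks, with the master present and with the master gone. The topology is an assumption: each firewall bridges an "outside" segment (fxp0) to an "inside" segment (rl0), and the unmanaged switches on each segment pass BPDUs through unchanged. The MAC addresses and port indexes are constructed tie-breakers standing in for the real bridge and port IDs. It also computes the classic 802.1D worst case for a blocked port to start forwarding after the root disappears, which is maxage plus two forward-delay intervals (listening, then learning) rather than maxage alone, unless fwddelay is lowered as well.

```python
"""802.1D spanning-tree election for the two-firewall bridge setup above.

Added worked example, not code from the thread or from OpenBSD. Topology
(fxp0 on an "outside" segment, rl0 on an "inside" segment, switches that
relay BPDUs) and the MACs/port indexes are constructed assumptions.
"""
from dataclasses import dataclass

INF = float("inf")


@dataclass(frozen=True)
class Port:
    name: str      # interface name, e.g. "fxp0"
    segment: str   # LAN segment the interface is plugged into
    cost: int      # brconfig "ifcost" for this interface
    ifidx: int     # constructed port ID, used as the last tie-breaker


@dataclass
class Bridge:
    name: str
    priority: int  # brconfig "priority"; lower wins the root election
    mac: str       # constructed; the bridge ID is (priority, mac)
    ports: list

    @property
    def bid(self):
        return (self.priority, self.mac)


def stp_roles(bridges):
    """Return {(bridge, iface): "root" | "designated" | "blocked"}.

    Election order follows 802.1D: lowest bridge ID is root; a bridge's root
    path cost is a segment's designated cost plus the cost of the port it
    receives on; ties go to the lower designated bridge ID, then the lower
    designated port ID, then the bridge's own lower port ID.
    """
    root = min(bridges, key=lambda b: b.bid)
    cost = {b.name: INF for b in bridges}
    cost[root.name] = 0
    root_port = {}
    designated = {}  # segment -> (cost, bid, ifidx, bridge name, iface)
    segments = sorted({p.segment for b in bridges for p in b.ports})
    changed = True
    while changed:
        changed = False
        # Designated port per segment: best (cost, bridge ID, port ID)
        # among attached ports whose bridge already knows its root cost.
        for seg in segments:
            cands = [(cost[b.name], b.bid, p.ifidx, b.name, p.name)
                     for b in bridges for p in b.ports
                     if p.segment == seg and cost[b.name] < INF]
            if cands:
                designated[seg] = min(cands)
        # Root port per non-root bridge: cheapest path to the root, never
        # via a segment on which this bridge is itself designated.
        for b in bridges:
            if b is root:
                continue
            cands = []
            for p in b.ports:
                d = designated.get(p.segment)
                if d is None or d[3] == b.name:
                    continue
                cands.append((d[0] + p.cost, d[1], d[2], p.ifidx, p.name))
            if not cands:
                continue
            best = min(cands)
            if (best[0], best[4]) != (cost[b.name], root_port.get(b.name)):
                cost[b.name], root_port[b.name] = best[0], best[4]
                changed = True
    roles = {}
    for b in bridges:
        for p in b.ports:
            if b is not root and root_port.get(b.name) == p.name:
                roles[(b.name, p.name)] = "root"
            elif designated[p.segment][3:] == (b.name, p.name):
                roles[(b.name, p.name)] = "designated"
            else:
                roles[(b.name, p.name)] = "blocked"
    return roles


def scenario(master_alive=True, fxp0_cost=100, rl0_cost=55):
    """The two bridges from the post; costs default to the posted ifcost."""
    def fw(name, prio, mac):
        return Bridge(name, prio, mac, [Port("fxp0", "outside", fxp0_cost, 1),
                                        Port("rl0", "inside", rl0_cost, 2)])
    bridges = [fw("backup", 50000, "00:00:00:00:00:02")]
    if master_alive:
        bridges.append(fw("master", 100, "00:00:00:00:00:01"))
    return bridges


def worst_case_failover(maxage, fwddelay=15):
    """Seconds before a blocked port forwards once the root stops sending:
    maxage to age out its last BPDU, then listening and learning intervals
    of fwddelay each (brconfig's default fwddelay is 15)."""
    return maxage + 2 * fwddelay


if __name__ == "__main__":
    for (b, i), role in sorted(stp_roles(scenario()).items()):
        print(f"{b}/{i}: {role}")
    print("worst-case failover with maxage 5:", worst_case_failover(5), "s")
```

Run as-is it reports both master ports designated, backup rl0 as root port and backup fxp0 blocked; with the master removed the backup becomes root and forwards on both. Calling `scenario(rl0_cost=100)` shows why the post sets ifcost at all: with equal costs both paths tie on cost and on designated bridge ID, and the root port falls to whichever master interface happens to have the lower port ID.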

