CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 3 of 3

Thread: Move VLAN interface between bond

  1. #1
    Join Date
    2018-10-06
    Posts
    6
    Rep Power
    0

    Default Move VLAN interface between bond

    Hi,

    I have a R80.10 and ClusterXL, my confguration is simple 2 bond interfaces and more VLAN interface on both bond interfaces.
    I need to move/reconfigure a VLAN interface from internal bond to external bond without go out of service.
    I tried this sequence:
    - on standby node delete interface vlan from source bond, add interface vlan to destination bond, configure the same ip.
    - on smartconsole get interface with topology, I see a change of interface name, so the active node has bond1.10 while standy node has bond2.10
    - install policy
    - reconfigure switch
    - test ping between nodes on changed VLAN interface works without issues, so configuration is correct.
    The expected result is cluster continue to work so I can switch traffic, but standby node go down and don't go up. I tried cpstop and cpstart.
    cphaprob -a if on standby node don't show the moved VLAN interface.
    Which the best procedure for this simple operation? Can I temporary disable monitoring on that interface?

    Thank you for suggestions.

  2. #2
    Join Date
    2018-10-06
    Posts
    6
    Rep Power
    0

    Default Re: Move VLAN interface between bond

    I have found this thread https://www.cpug.org/forums/showthre...rom-monitoring
    I don't know if is the correct way for my issue, but I wiil try.

  3. #3
    Join Date
    2018-04-18
    Posts
    28
    Rep Power
    0

    Default Re: Move VLAN interface between bond

    I had a similar issue yesterday moving VLAN interfaces between bond groups and the passive security gateway in the cluster remained down. After troubleshooting for a while I found that the Cisco switch connected to both security gateways did not have some of the VLANs configured on the trunk interface to one of the bond groups. ( the "switchport trunk allowed vlan 10, 20, x, x" command in interface configuration mode on the switch.) Once I added the missing VLANs to the trunk on the switch side the passive security gateways changed from down to standby.

Similar Threads

  1. RCV Overruns on bond interface
    By slowfood27 in forum R77.30
    Replies: 8
    Last Post: 2018-07-25, 10:21
  2. Replies: 1
    Last Post: 2018-07-02, 13:31
  3. RX-ERR on newly added Bond interface
    By Neilharrison_253 in forum Topology Issues
    Replies: 9
    Last Post: 2015-07-23, 20:43
  4. Splat GUI on a bond interface
    By chkpjth in forum Check Point SecurePlatform (SPLAT)
    Replies: 1
    Last Post: 2011-04-05, 10:49
  5. Bond Interface SPLAT NGX R65 HFA60
    By peqwilber in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 6
    Last Post: 2010-03-18, 14:09

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •