Hi all,
we have a really strange behaviour occuring in connections between systems in our networks:
The setup is a VLAN between the Sophos and the Cisco-Cluster (sophos has IP 10.10.0.1 and Cisco .2) each being the default router for the other concerning the networks 10.10.xy.zz
CISCO is Router for networks 10.10.10.0 (Server) and 10.10.20.0 (Client), communication between these networks is fine and has no problems. Sophos has "any"-Rules for testing, so nothing is blocked.
What now happens is:
ComputerA (172.16.1.211) <--> (172.16.1.254) Sophos (10.10.0.1) <--> (10.10.0.2) CISCO (10.10.10.1) <--> (10.10.10.11) ServerA
no Ping, no TCP-Communication (e.g. RDP) nothing, traceroute "stops" at 10.10.0.2
DNS, Firewall, default gateway: everything double-checked and OK when trying to connect from ComputerA to ServerA
ServerA also can´t ping or connect to ComputerA
BUT:
ComputerB (172.16.1.123) <--> (172.16.1.254) Sophos (10.10.0.1) <--> (10.10.0.2) CISCO (10.10.10.1) <--> (10.10.10.11) ServerA
all good ! communication works, RDP, ICMP, all fine, ServerA can ping back or establish TCP-communication
to get this all even more complicated/strange:
changing ComputerA´s IP to a different one (or activating DHCP) establishes communication instantly
This behaviour is not limited to a single computer but occurs randomly on any system.
Does anybody have an idea of whats happening here or who´s the culprit?
Kind regards !
Markus
Please ask for more details if needed !
Sophos LAG-Config:
================
Sophos UTM SG430 (v 9.605-1) 2 Devices in passive-Standby, each equipped with a 4x 10G module,
each UTM connected to X4500-Cluster with 2 Cables on eth9 & eth10 configured as LACP:
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0
802.3ad info
LACP rate: fast
Min links: 0
Aggregator selection policy (ad_select): stable
Active Aggregator Info:
Aggregator ID: 1
Number of ports: 2
Actor Key: 33
Partner Key: 12
Partner Mac Address: 02:00:00:00:00:0a
Slave Interface: eth9
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:1a:8c:f0:e8:c9
Aggregator ID: 1
Slave queue ID: 0
Slave Interface: eth10
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:1a:8c:f0:e8:ca
Aggregator ID: 1
Slave queue ID: 0
here´s the Ciscos LACP-Config:
CISCO X4500: (2x in ClusterMode)
================================
interface Port-channel12
switchport
switchport mode trunk
logging event link-status
logging event trunk-status
!
interface TenGigabitEthernet1/1/2
switchport mode trunk
logging event link-status
logging event trunk-status
load-interval 30
channel-protocol lacp
channel-group 12 mode active
!
interface TenGigabitEthernet1/1/3
switchport mode trunk
logging event link-status
logging event trunk-status
load-interval 30
channel-protocol lacp
channel-group 12 mode active
!
interface TenGigabitEthernet2/1/2
switchport mode trunk
logging event link-status
logging event trunk-status
load-interval 30
channel-protocol lacp
channel-group 12 mode active
!
interface TenGigabitEthernet2/1/3
switchport mode trunk
logging event link-status
logging event trunk-status
load-interval 30
channel-protocol lacp
channel-group 12 mode active
!
interface Vlan200
description LBAG_DMZ
ip address 10.10.0.2 255.255.255.248
ip route 0.0.0.0 0.0.0.0 10.10.0.1
## where 10.10.9.1 is the Sophos´ UTM lag0-Interface
This thread was automatically locked due to age.
