
Sophos XG, bridge ports + HA, Spanning Tree

In this mode, the firewalls forward the frame, with the source MAC address they receive on their LAN interface, to their WAN interface; therefore the switches of the LAN and the WAN network have the MAC addresses of their peers, learning them through each packet that arrives on each of their interfaces. In layer 2 this is known as spanning tree.

 

In this case, the external switch learns the MAC addresses of the internal network (the interfaces of the internal Cisco switch and the internal ASA) through its two interfaces: the one that connects to the primary FW and the other that connects to its auxiliary FW. In the same way, the internal switch has these addresses in its MAC table through its two ports.

 

Given this scenario, STP on the Cisco switches calculates the tree and blocks one of the ports to avoid an L2 loop. This is what is happening to us, and we could observe it when directly connected to one of the switches.

For this reason, with both devices in bridge mode connected to the network at the same time, one of them stopped responding without HA being enabled, since the switch port was in Alternate mode.

Can somebody tell me something about this topology? Any recommendations, please.

 

Regards