RE: [nsp] 6500/IOS+CatOS [12.1(7a)E1+6.2(2)], HSRP + local-proxy- arp problem

From: Desmarais, Jonathan (JDesmarais@colt-telecom.com)
Date: Wed Nov 14 2001 - 04:15:52 EST

Next message: KF: "RE: [nsp] What is VXR"
Previous message: Robert E. Seastrom: "Re: [nsp] Cisco 2600 IOS 12.010 only opening 5 vc at peak"
Next in thread: Desmarais, Jonathan: "RE: [nsp] 6500/IOS+CatOS [12.1(7a)E1+6.2(2)], HSRP + local-proxy- arp problem"
Maybe reply: Desmarais, Jonathan: "RE: [nsp] 6500/IOS+CatOS [12.1(7a)E1+6.2(2)], HSRP + local-proxy- arp problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

I assume the two customers are on the same ip subnet, just isolated using
PVlans.. If this is the case, in stead of proxy-arp, (an almost open door to
the underworld) try adding a route to the local network via the gateway. ie.
local ip is say 192.168.1.1, other customer is 192.168.1.50 on same subnet,
add route 192.168.1.0 via default on both servers. Although most IP stacks
usually know not to use routes to send to local addresses it will if you ask
it.

Later
Jon..

-----Original Message-----
From: Dmitri Kalintsev [mailto:dek@hades.uz]
Sent: 14 November 2001 01:54
To: cisco-nsp@puck.nether.net
Subject: Re: [nsp] 6500/IOS+CatOS [12.1(7a)E1+6.2(2)], HSRP +
local-proxy-arp problem

On Tue, Nov 13, 2001 at 08:22:04PM -0500, George Robbins wrote:
> proxy-arp is unspeakably evil and will result in much pain.

"ip local-proxy-arp" is the only way to get two customers in different
community VLANs talking via layer3.

> There are some specific 6500 pVLAN restrictions noted here, which may
> have bearing on the general issues:
>
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/relnotes/78_7190
.htm#xtocid195516

Been there, seen that. Thanks, but this did not help us. By the way, there's
bug CSCdv24926, which looks promising (although it talks about non-E train,
as far as I gather, and we are running hybrid rather than native IOS. I'm
waiting to hear from NSA, who promised to look into code to see if fix did
make it into E stream.

SY,

-- CCNP, CCDP (R&S) Dmitri E. Kalintsev CDPlayer@irc Network Architect @ connect.com.au dek @ connect.com.au phone: +61 3 9674 3913 fax: 9251 3666 http://-UNAVAIL- UIN:7150410 cell: +61 414 821 382

********************************************************************** COLT Telecommunications Registered in England No. 2452736 Registered Office: Bishopsgate Court, 4 Norton Folgate, London E1 6DQ Tel. 020 7390 3900

This message is subject to and does not create or vary any contractual relationship between COLT Telecommunications, its subsidiaries or affiliates ("COLT") and you. Internet communications are not secure and therefore COLT does not accept legal responsibility for the contents of this message. Any view or opinions expressed are those of the author. The message is intended for the addressee only and its contents and any attached files are strictly confidential. If you have received it in error, please telephone the number above. Thank you.

**********************************************************************

Next message: KF: "RE: [nsp] What is VXR"
Previous message: Robert E. Seastrom: "Re: [nsp] Cisco 2600 IOS 12.010 only opening 5 vc at peak"
Next in thread: Desmarais, Jonathan: "RE: [nsp] 6500/IOS+CatOS [12.1(7a)E1+6.2(2)], HSRP + local-proxy- arp problem"
Maybe reply: Desmarais, Jonathan: "RE: [nsp] 6500/IOS+CatOS [12.1(7a)E1+6.2(2)], HSRP + local-proxy- arp problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:54 EDT