[c-nsp] Port-Security x Teaming on Catalyst 4500

Rubens Kuhl Jr. rubens at email.com
Thu Sep 30 14:18:28 EDT 2004


I'm facing a problem with port-security on a high-availability configuration. The scenario has two Catalyst 4500 switches (SUP III), with machines connected to both switches using teaming (active-standby; the same MAC address is used by the adapters on both switches).

Port-security is in learning mode (up to 1 address); the primary switch receives a packet from the port, learns the MAC and locks to it. The secondary switch is active to other network elements, forwarding the packets to that machine through a trunk between the switches.

When a fail-over happens, the secondary switch receives a packet from the secondary NIC, learns the MAC and locks to it. So far, so good.

The problem arises with fail-back: the primary NIC resumes sending packets, the secondary NIC goes into deaf mode and discards packets sent to it. The secondary switch insists on delivering packets locally instead of sending them through the trunk.

The most curious thing about this is that the same scenario with Catalyst 6500 (Sup 720) works fine.

Any ideas?


Rubens


