[c-nsp] Spanning VRFs and seeing my own MAC address on a 4948
Lincoln Dale
ltd at cisco.com
Tue Aug 5 08:47:02 EDT 2008
Sam Stickland wrote:
> Hi,
>
> We have a pair of 4948s and some DDOS devices configured in this
> topology (this is an inheritated design btw!):
>
> SW1 SVI ---VLANA-- SW2 SVI
> | |
> DDOS Std DDOS Act
> | |
> SW1 (L2) --VLANB-- SW2 (L2)
> X |
> | |
> Inside ----VLANB--- Inside
> [..]
> I believe this is because the switches MAC tables aren't VRF aware and
> the only way to solve the CPU problem is to use physically seperate
> switches: i.e. replace the L2 portions in the diagram with separate L2
> switches.
>
> Is my thinking correct? Is their another way?
logically speaking, VRFs are for L3 what VLANs are for L2.
i don't think "replacing with seperate L2 switches" will fix it, i think
you've got a L2 loop that needs fixing.
cheers,
lincoln.
More information about the cisco-nsp
mailing list