[c-nsp] Spanning VRFs and seeing my own MAC address on a 4948
Sam Stickland
sam_mailinglists at spacething.org
Tue Aug 5 09:14:35 EDT 2008
Lincoln Dale wrote:
>
>
> Sam Stickland wrote:
>> Hi,
>>
>> We have a pair of 4948s and some DDOS devices configured in this
>> topology (this is an inherited design btw!):
>>
>> SW1 SVI  ---VLANA--  SW2 SVI
>>    |                    |
>> DDOS Std             DDOS Act
>>    |                    |
>> SW1 (L2) --VLANB--   SW2 (L2)
>>    X                    |
>>    |                    |
>> Inside ----VLANB---  Inside
>> [..]
>> I believe this is because the switches' MAC tables aren't VRF aware
>> and the only way to solve the CPU problem is to use physically
>> separate switches: i.e. replace the L2 portions in the diagram with
>> separate L2 switches.
>>
>> Is my thinking correct? Is there another way?
> logically speaking, VRFs are for L3 what VLANs are for L2.
>
> i don't think "replacing with separate L2 switches" will fix it, i
> think you've got a L2 loop that needs fixing.
Really? Where? Drawing out the diagram above as the spanning-tree
topology stabilises it's:
SW1 SVI ---VLANA-- SW2 SVI
|
DDOS Std DDOS Act
| |
SW1 (L2) --VLANB-- SW2 (L2)
|
|
Inside ----VLANB--- Inside
Far from ideal, I know, but I'm not sure there's a L2 loop here.
Sam