[c-nsp] 7301 (NPE-G1) leaking L2 frames over L3

Elmar K. Bins elmi at 4ever.de
Thu Sep 4 11:24:21 EDT 2008 

Following up on my own problem...
(fullquote provided for context in archives)

upgrading from 12.3(14)T7 to 12.4(21) fixed the leakage.
Just in case anyone else runs into that problem...

Yours,
	Elmar.


elmi at 4ever.de (Elmar K. Bins) wrote:

> Hi knowledgeable folks,
> 
> I have a somewhat weird issue with an admittedly slightly aged IOS
> on a 7301: That router is leaking Ethernet frames from one L3 interface
> to another.
> 
> I have been alerted by the folks at the exchange (who monitor very
> closely, thanks). Since they haven't turned my port off yet,
> leaking should be minimal.
> 
> The box is a 7301 with PA-2FE-TX (f1/0 connected to the exchange),
> running IOS 12.3(14)T7.
> 
> Inside - towards some servers - is a L3 portchannel
> (via a WS-3750):
> 
> interface Port-channel1
>  description PO to sw (via g0/0 and g0/1)
>  ip address xxx.xxx.xxx.1 255.255.255.0
>  ip access-group MGT-no in
>  ip access-group acl-SERVICE-out out
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  ip route-cache same-interface
>  ip route-cache flow
>  load-interval 30
>  duplex full
>  hold-queue 150 in
> end
> 
> 
> Outside is a layer 3 port to the exchange fabric:
> 
> interface FastEthernet1/0
>  description exchange port
>  ip address xxx.xxx.xxx.xxx 255.255.254.0
>  ip access-group FILTER_IN-FastEthernet1-0-in-3 in
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  ip accounting mac-address input
>  ip accounting mac-address output
>  ip accounting access-violations
>  load-interval 30
>  duplex full
>  speed 100
>  ipv6 address xx:xx:xx:xx:xx:xx:xx:xx/64
>  ipv6 nd suppress-ra
>  no ipv6 mld router
>  no keepalive
>  no cdp enable
> end
> 
> 
> Captured frames show that Ethernet frames with source MACs
> of the server NICs make it to the exchange fabric somehow.
> 
> My questions:
> 
>   - is this some kind of misconfiguration on my part?
>   - if not: does anyone know of / remember such a bug?
>   - how could I find info, probably on cisco.com?
>   
> I'm at a loss here. Blindly upgrading to T14 or whatever
> might or might not kill the bug. I'd like to reboot as
> rarely as possible...
> 
> Thanks for any help, hints or insight.
> 
> Elmar.

More information about the cisco-nsp mailing list