[c-nsp] PVLAN and trunks (for redundancy and more bandwidth), any idea?

Sven 'Darkman' Michels sven at darkman.de
Tue Feb 23 03:26:58 EST 2010

Hash: SHA1


sorry for comming back to this topic and "old" email, but this one seems to be
the problem. When i disable ip very unicast, the problem vanishes away :(
The 6500 is actually running on SXF, but not latest: i'm running SXF15a on it, i
know that SXF16 is already there but when i last checked cisco, it states when
trying to download 16 that there is a more recent version which fixes $things
available - but i didn't found anything newer than 16 for download...?!

Two remaining questions for me:
is there an "easy" way to get something similar like verify unicast rx for
the pvlan? i guess it won't change the ip networks often, so some accesslist
or so would work, too (but i would only use it, if it doesn't impact the 6500
much, so software accesslist would be not what i want...)

second: i'm running sxf due to the possibility of fast failover to another
sup. the other two images do not provide the fast failover feature, but i read
on the list, that you can do a "manual" failover for upgrades etc. with only
a short (say 60-90 sec) downtime, which would, for me, be okay... anything else
i'm missing? could another image fix the ip unicast verify problem?

Thanks again for all suggestions + time you spend with me, helped a lot :)


Matt Buford schrieb:
> On Tue, Jan 26, 2010 at 7:06 AM, Sven 'Darkman' Michels <sven at darkman.de
> <mailto:sven at darkman.de>> wrote:
>     Now the problem: ping from 6509:
>     c6509#ping ip xx.xx.xx.13 repeat 5
>     Type escape sequence to abort.
>     Sending 5, 100-byte ICMP Echos to xx.xx.xx.13, timeout is 2 seconds:
>     ..!.!
> Your basic PVLAN configuration looks good.  Try disabling ARP
> inspection, DHCP snooping, and ip verify unicast.  Enabling extra
> features often break things, so I think it is best for you to test with
> the simplest config.  If that doesn't do it, try upgrading code to at
> least SXF.  You could also perhaps try pinging from a host behind the
> 6500 instead of pinging from the 6500 management interface itself
> (though you SHOULD be able to ping from the router, and I can on my PVLANs).
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the cisco-nsp mailing list