[c-nsp] MAC Address 'static' and HSRP failover

mark walters markwalters1980 at hotmail.com
Tue Mar 9 07:35:20 EST 2010









Hi,

Was hoping someone could help. It’s a relatively set up but I’m having a few issues. In a nutshell, we have 2 routers connecting to two provider routers via a switch. Each router pair is running HSRP for redundancy. Switches are configured to connect devices over a single VLAN. The issue we’re having is when the provider router fails over to the secondary by downing the upstream WAN interface (which it’s tracking). The Provider sees this HSRP failover but were unable to ping the gateway. The config is pretty vanilla but the one thing that is really strange is the fact that both switches are learning the virtual MAC and neither is purged during failover. In previous configs port-security has caused the MAC addresses to be learnt “dynamically” and obviously the virtual MAC is only seen from the active router. In this setup both switches are learning the virtual MAC from both upstream routers and then ‘statically’ assigning them rather than dynamic, which I believe is causing issues. It’s almost behaving as though it’s configured for sticky, which isn’t in the config? Has anyone seen this behaviour before .. I’m assuming it’s not default? Both switches are WS-C2960-24TT-L running 12.2(44)SE6. We have this configured on 3550s with no issues.

Thanks. Mark.


 

 

SW01#sh mac address-table | i 0/5
 200    0000.0c07.ac01    STATIC      Fa0/1  << Virtual learnt from both – STATIC??
 200    0026.cbfb.1031    STATIC      Fa0/1

SW02#sh mac address-table | i 0/4
 200    0000.0c07.ac01    STATIC      Fa0/1  << Virtual learnt from both – STATIC??
 200    0026.cbfb.1075    STATIC      Fa0/1

 

 

**SWITCHPORT CONFIG CONNECTING TO PROVIDER ROUTERS**


SW01#sh run int fa0/1
interface FastEthernet0/1
 description "Provider Primary RTR"
 switchport access vlan 200
 switchport mode access
 switchport nonegotiate
 switchport port-security maximum 2
 switchport port-security
 speed 100
 duplex full
 no cdp enable
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 spanning-tree guard root
end

 

SW02#sh run int fa0/1
interface FastEthernet0/1
 description "Provider Secondary RTR"
 switchport access vlan 200
 switchport mode access
 switchport nonegotiate
 switchport port-security maximum 2
 switchport port-security
 speed 100
 duplex full
 no cdp enable
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 spanning-tree guard root

 

SW02#sh port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Fa0/1              2            2                  0         Shutdown
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 1
Max Addresses limit in System (excluding one mac per port) : 8192
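
The following check is an added example and is not part of the original post. It parses `show mac address-table` text captured from each switch and reports any HSRP version 1 virtual MAC (0000.0c07.acXX) held as STATIC on more than one switch, which is the condition shown in the output above; the sample rows are constructed from that output and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample input, modelled on the table rows quoted in the post.
SAMPLE = {
    "SW01": """\
 200    0000.0c07.ac01    STATIC      Fa0/1
 200    0026.cbfb.1031    STATIC      Fa0/1
""",
    "SW02": """\
 200    0000.0c07.ac01    STATIC      Fa0/1
 200    0026.cbfb.1075    STATIC      Fa0/1
""",
}

# One table row: VLAN, dotted MAC, entry type, port. Trailing notes are ignored.
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)",
    re.I | re.M,
)
# HSRP version 1 virtual MACs are 0000.0c07.acXX, where XX is the group in hex.
HSRP_V1 = re.compile(r"^0000\.0c07\.ac([0-9a-f]{2})$", re.I)


def parse_table(text):
    """Return (vlan, mac, type, port) tuples found in the captured text."""
    return [(int(v), m.lower(), t.upper(), p) for v, m, t, p in ROW.findall(text)]


def pinned_hsrp_macs(tables):
    """Map (vlan, mac, group) -> [(switch, port)] for HSRP vMACs shown as STATIC."""
    hits = defaultdict(list)
    for switch, text in tables.items():
        for vlan, mac, kind, port in parse_table(text):
            group = HSRP_V1.match(mac)
            if group and kind == "STATIC":
                hits[(vlan, mac, int(group.group(1), 16))].append((switch, port))
    return dict(hits)


def conflicts(tables):
    """Keep only virtual MACs that are STATIC on more than one switch."""
    return {k: v for k, v in pinned_hsrp_macs(tables).items() if len(v) > 1}


if __name__ == "__main__":
    for (vlan, mac, group), where in conflicts(SAMPLE).items():
        ports = ", ".join(f"{sw}:{port}" for sw, port in where)
        print(f"VLAN {vlan} HSRP group {group} vMAC {mac} STATIC on {ports}")
```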

 		 	   		  