[c-nsp] mac flapping on 6509 between core and fwsm

ryanL ryan.landry at gmail.com
Thu Apr 19 21:58:44 EDT 2012


On Thu, Apr 19, 2012 at 5:54 PM, Randy <randy_94108 at yahoo.com> wrote:
> --- On Thu, 4/19/12, Mario Ruiz <mruiznet at gmail.com> wrote:

>
> Who is reporting the mac-flaps - the 6509 with fwsm OR fwsm itself?
>
> it appears that you are seeing it on the 6509 that has the fwsm?
>
> if that is the case, then an arp-reply from host at 0024.f716.5142 is being seen via po30 and po579.
>
> Why do you have po30 on the same vlan as fwsm's outside int?
>
> Can you post relevant portions of the config?
> ./Randy

the 6509 is basically our services layer. data center stuff. it has
.1q trunks to the cores, where the cores in-turn pick up a .1q tag for
the L3 subinterface. in this example, vl1250. vrrp is used between the
two cores via the 6509. the 6509 also has .1q trunks to our back-end
routers. in this example, vl1251. the back-end routers do hsrp. the
fwsm in the 6509 bridges vl1250 and vl1251 in order to do transparent
firewalling. pretty standard. vl1250 is outside, vl1251 is inside.

the 6509 is what is reporting the mac move, seeing it show up
correctly on the uplink port to the core, and then seeing it show up
incorrectly on the internal ec for the fwsm. the mac is the physical
address of the core subint.

i'm wondering if the fwsm is doing some sort of "random" gratuitous or
proxy arp. the fwsm, which essentially participates, sees the correct
mac as an arp entry.

fwsm1/<context removed># sh arp
	outside <ip removed> 0024.f716.5142

i seem to have stopped the mac move messages by doing the following
towards my cores (on the 6509).

mac-address-table static 0024.f716.3242 vlan 1250 interface Port-channel40
mac-address-table static 0024.f716.5142 vlan 1250 interface Port-channel30

not sure what, if anything, yet, that i'm breaking by doing this.

.rL
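
Added example, not part of the original message or of any Cisco tooling: a cross-check of MAC-move syslog lines against the static entries posted above, showing which flapping hosts are pinned and whether each pin points at a port the MAC was actually seen on. The syslog message format, the names review and norm_port, the timestamps and the third host are assumptions; the sample input is constructed.

```python
import re
from collections import defaultdict

# Assumed format of the Catalyst 6500 MAC-move syslog notification.
FLAP_RE = re.compile(r"%MAC_MOVE-\S+: Host (?P<mac>[0-9a-f.]{14}) in vlan (?P<vlan>\d+) "
                     r"is flapping between port (?P<a>\S+) and port (?P<b>\S+)", re.I)
# Static entry syntax as posted in the message above.
STATIC_RE = re.compile(r"mac-address-table static (?P<mac>[0-9a-f.]{14}) "
                       r"vlan (?P<vlan>\d+) interface (?P<port>\S+)", re.I)

def norm_port(name):  # config form Port-channel30 -> log form Po30
    return re.sub(r"^port-channel", "Po", name.rstrip(".,"), flags=re.I)

def review(log_lines, config_lines):
    """Return {(mac, vlan): {"flaps", "ports", "pinned", "status"}}."""
    hosts = defaultdict(lambda: {"flaps": 0, "ports": set(), "pinned": None})
    for line in log_lines:
        m = FLAP_RE.search(line)
        if m:
            h = hosts[(m["mac"].lower(), int(m["vlan"]))]
            h["flaps"] += 1
            h["ports"] |= {norm_port(m["a"]), norm_port(m["b"])}
    for line in config_lines:
        m = STATIC_RE.search(line)
        if m:
            hosts[(m["mac"].lower(), int(m["vlan"]))]["pinned"] = norm_port(m["port"])
    for h in hosts.values():
        if h["pinned"] is None:
            h["status"] = "flapping, no static entry"
        elif not h["flaps"]:
            h["status"] = "static entry, no flap logged"
        elif h["pinned"] in h["ports"]:
            h["status"] = "pinned to a port it was seen on"
        else:
            h["status"] = "pinned to a port it was never seen on"
    return dict(hosts)

# Constructed sample input (timestamps and host 0000.5e00.5301 are invented).
SAMPLE_LOG = [
    "Apr 19 21:40:01: %MAC_MOVE-SP-4-NOTIF: Host 0024.f716.5142 in vlan 1250 is flapping between port Po30 and port Po579",
    "Apr 19 21:40:31: %MAC_MOVE-SP-4-NOTIF: Host 0024.f716.5142 in vlan 1250 is flapping between port Po579 and port Po30",
    "Apr 19 21:41:10: %MAC_MOVE-SP-4-NOTIF: Host 0000.5e00.5301 in vlan 1250 is flapping between port Po40 and port Po579",
]
SAMPLE_CONFIG = [
    "mac-address-table static 0024.f716.3242 vlan 1250 interface Port-channel40",
    "mac-address-table static 0024.f716.5142 vlan 1250 interface Port-channel30",
]
if __name__ == "__main__":
    for key, h in sorted(review(SAMPLE_LOG, SAMPLE_CONFIG).items()):
        print(key, h["flaps"], sorted(h["ports"]), h["pinned"], h["status"])
```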

