[c-nsp] ARP requests

Eugene Grosbein eugen at grosbein.net
Wed Aug 19 13:28:49 EDT 2020


19.08.2020 23:23, Łukasz Bromirski wrote:

I've just solved my problem, see below.

> Did the interface had IP address assigned in the past to main interface and then changed to subinterface ones?

No, never.

> I remember couple of nasty 7200-impacting bugs in 15.x train (so called “CEF rewrite” or “not 13.x”) that had stale IDB entries wrongly mapped to CEF structures and that could potentially result in similar behavior.
> 
> Also, can you identify if those ARP requests are valid, belonging to subinterface link space, or totally bogus?

They seem to be completely valid with exception they seemingly lack tags...

> And if they happen both on the main interface and subinterface, or only on main interface?

Main only. Mirroring is done by Cisco 7600 acting as "switch" for this port,
so I went and re-read "Local SPAN, RSPAN, and ERSPAN Guidelines and Restrictions"
part of documentation, as I've read it long ago last time. And here it is:

> SPAN copies Layer 2 Ethernet frames, but SPAN does not copy
> source trunk port Inter-Switch Link Protocol (ISL) or 802.1Q tags.
> You can configure destinations as trunks to send locally tagged traffic to the traffic analyzer.

SPAN destination port was configured as L3 (no switchport) and still some traffic was copied with 802.1q vlan tags.
Nevertheless, I've reconfigured SPAN destination to switchport trunk mode with all vlans allowed
and voila! Now it shows that ARP request DO REALLY HAVE proper tags attached.

Sorry for noise, case closed. Thank you all for help.




More information about the cisco-nsp mailing list