On Thu, Apr 19, 2012 at 5:54 PM, Randy <randy_94...@yahoo.com> wrote:
> --- On Thu, 4/19/12, Mario Ruiz <mruiz...@gmail.com> wrote:
>
> Who is reporting the mac-flaps - the 6509 with fwsm OR fwsm itself?
>
> it appears that you are seeing it on the 6509 that has the fwsm?
>
> if that is the case, then an arp-reply from host at 0024.f716.5142 is being
> seen via po30 and po579.
>
> Why do you have po30 on the same vlan as fwsm's outside int?
>
> Can you post relevant portions of the config?
> ./Randy

the 6509 is basically our services layer. data center stuff. it has .1q trunks to the cores, where the cores in-turn pick up a .1q tag for the L3 subinterface. in this example, vl1250. vrrp is used between the two cores via the 6509.

the 6509 also has .1q trunks to our back-end routers. in this example, vl1251. the back-end routers do hsrp.

the fwsm in the 6509 bridges vl1250 and vl1251 in order to do transparent firewalling. pretty standard. vl1250 is outside, vl1251 is inside.

the 6509 is what is reporting the mac move, seeing it show up correctly on the uplink port to the core, and then seeing it show up incorrectly on the internal ec for the fwsm. the mac is the physical address of the core subint. i'm wondering if the fwsm is doing some sort of "random" gratuitous or proxy arp.

the fwsm, which essentially participates, sees the correct mac as an arp entry.

fwsm1/<context removed># sh arp
outside <ip removed> 0024.f716.5142

i seem to have stopped the mac move messages by doing the following towards my cores (on the 6509).

mac-address-table static 0024.f716.3242 vlan 1250 interface Port-channel40
mac-address-table static 0024.f716.5142 vlan 1250 interface Port-channel30

not sure what, if anything, yet, that i'm breaking by doing this.

.rL
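
An added example, not part of the original message: since static entries silence the move messages without explaining them, this sketch checks MAC move notifications against the expected attachment ports from the two static entries above and counts every other port each MAC was seen on. The syslog line format and all sample log lines are assumptions constructed for illustration; only the MACs, VLAN and port-channel numbers come from the thread.

```python
import re
from collections import Counter

# Assumed Catalyst 6500 syslog wording for MAC move notifications.
MOVE_RE = re.compile(
    r"%MAC_MOVE-\S*?NOTIF: Host (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+)",
    re.IGNORECASE,
)

# Expected attachment points, taken from the static entries in the message.
EXPECTED = {
    ("0024.f716.3242", 1250): "Po40",
    ("0024.f716.5142", 1250): "Po30",
}

# Constructed sample log lines (not captured from the poster's switch).
SAMPLE_LOG = """\
Apr 19 17:01:10: %MAC_MOVE-SP-4-NOTIF: Host 0024.f716.5142 in vlan 1250 is flapping between port Po30 and port Po579
Apr 19 17:01:42: %MAC_MOVE-SP-4-NOTIF: Host 0024.f716.5142 in vlan 1250 is flapping between port Po579 and port Po30
Apr 19 17:02:05: %MAC_MOVE-SP-4-NOTIF: Host 0024.f716.3242 in vlan 1250 is flapping between port Po40 and port Po579
Apr 19 17:03:00: %MAC_MOVE-SP-4-NOTIF: Host 0011.2233.4455 in vlan 1251 is flapping between port Gi1/1 and port Gi1/2
Apr 19 17:03:30: %LINK-3-UPDOWN: Interface GigabitEthernet1/1, changed state to up
"""

def unexpected_ports(log_text, expected=EXPECTED):
    """Per (mac, vlan) with a baseline, count ports seen other than the expected one."""
    hits = {}
    for line in log_text.splitlines():
        m = MOVE_RE.search(line)
        if not m:
            continue  # not a MAC move notification
        key = (m["mac"].lower(), int(m["vlan"]))
        if key not in expected:
            continue  # no baseline for this host; out of scope here
        for port in (m["a"], m["b"]):
            if port != expected[key]:
                hits.setdefault(key, Counter())[port] += 1
    return hits

if __name__ == "__main__":
    for (mac, vlan), ports in unexpected_ports(SAMPLE_LOG).items():
        for port, n in ports.items():
            print(f"{mac} vlan {vlan}: expected {EXPECTED[(mac, vlan)]}, "
                  f"also seen on {port} ({n}x)")
```

Run against logs collected before the static entries were applied, a single recurring unexpected port (Po579 in the sample) points at one forwarding path re-injecting the frames rather than at a general loop.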