Hi all,

I've been having a reproducible problem across multiple Catalyst 6509 switches 
running the same IOS 12.2(33)SXI4a for a while now that I just can't nail down.

In many situations where the switch is configured with an SVI on a VLAN to 
function as a gateway, very often I find that I am unable to communicate with a 
newly added device or assigned IP on an existing device on that VLAN. No amount 
of probing it will appear to get it to respond. However, if I am on the device 
itself where the IP is bound and just do a simple ping out to something which 
has to traverse the SVI IP as a gateway, as long as the origin of the packet is 
the same IP, the switch then seems to learn the MAC address properly and all is 
happy and continues to work from that point forward.

Is there something that would prevent ARP from discovering these newly added 
devices when the switch would be soliciting the network segment for the MAC 
address for a certain IP? I was leaning towards a bug... or I have some 
unintended consequence due to the CoPP policy or rate-limiters on these 
switches which are also the same.

I have the following mls rate limiters defined:

mls rate-limit multicast ipv4 ip-options 100 10
mls rate-limit unicast ip options 100 10
mls rate-limit unicast ip icmp redirect 100 10
mls rate-limit all ttl-failure 100 10
mls rate-limit all mtu-failure 100 10

I have policing on ARP packets in CoPP (which I think, if I remember, is done in 
software anyway), but I recall completely removing this and still having the 
same issue.

For reference, I'm doing in CoPP:

class-map match-all CoPP_ARP
  match protocol arp

policy-map CoPP
...
  class CoPP_ARP
   police 8000000
  ...

Thanks for any assistance or advice!

-Vinny
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
