IDSM with inline pairs causing mac move

Rodrigo Gurriti — Sun, 10 Mar 2019 12:27:40 GMT

Hello,

I´ve just added the IDSM-2 blades on a 6500 and configured it but it did not work as I planned.

This picture is a little scale what I tried to do, actually I had more vlans on the inspection.

I have 2 cores and a portchannel trunk in between them and for redundancy I´m using HSRP as the config shows.

After I congfigured I´ve got these msgs and I could not figure out how to stop it:

Core1

%MAC_MOVE-SP-4-NOTIF: Host 001a.a2e4.e800 in vlan 6 is flapping between port Gi6/d1 and port Po1

%MAC_MOVE-SP-4-NOTIF: Host 001a.a2e4.e800 in vlan 7 is flapping between port Gi6/d1 and port Po1

MAC 001a.a2e4.e800 is from Core2

Core2

%MAC_MOVE-SP-4-NOTIF: Host 0022.557b.c340 in vlan 6 is flapping between port and port Po1

%MAC_MOVE-SP-4-NOTIF: Host 0022.557b.c340 in vlan 7 is flapping between port Po1 and port

Mac 0022.557b.c340 is from Core1

There was only one VLAN pair that did not have this problem, which was the VLAN L2 for the ISP router and the VLAN Outside for the FWSM . It also was the only VLAN that did not have HSRP working, I dont know if it has something to do.

The Core 1 is the STP Root with priority of Zero and the Core 2 is the Backup Root with priority 4096

Any guesses ?

IDSM with inline pairs causing mac move

rhermes — Tue, 30 Aug 2011 21:18:41 GMT

I see this log message frequently when using a switch to feed an IPS sensor if the same Ethernet frame is entering the same VLAN on two different interfaces. I can;t tell how your traffic is flowing but I think you have the same issue.

In my case it was not anything to worry about so I just ignored the messages.

- Bob

topic IDSM with inline pairs causing mac move in Network Security

IDSM with inline pairs causing mac move

IDSM with inline pairs causing mac move