07-19-2017 12:22 PM - edited 03-01-2019 05:17 AM
I have a single bridge domain with two end point groups. Each EPG is bound to the same port using different vlan encapsulation.
The attached host has two IP addresses with the same MAC address but it is using different vlan encap on packets from each source IP address.
What I hoped would happen was traffic from each IP/vlan would end up in a different EPG. What I find is the MAC is learnt in one EPG with two IP addresses.
Am I doing something incorrectly or is this expected behaviour?
Attaching the EPGs to different BDs fixes the problem but that of course means that we need to have different subnets for each EPG.
John
07-19-2017 01:42 PM
Sounds very similar to what turned out to be the problem for Daz's issue - see https://supportforums.cisco.com/discussion/13335826/help-total-noobintra-epg-vlan-based-epgs
The end analysis in that case was:
The problem is the Source MAC used by the 4500. If you look at the Endpoint detail, you see the same MAC address is learned for the "endpoint" in the Gamma_Corp_EPG as well as Beta_Customer_EPG. We'd essentially be trying to learn the same endpoint in two different EPGs - which would cause it to bounce.
so having the same MAC for two endpoints in the same BD, even if they have different IPs, seems to be a problem - I have not tried to build this to verify.
ssh to the leaf where the endpoint(s) are attached and see what
show endpoint detail
and
show vlan extended
show you.
HTH
RedNectar
aka Chris Welsh
Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem
07-20-2017 02:14 AM
Thanks Chris
Are we saying that a MAC can only belong to one EPG in any bridge domain?
John
07-20-2017 06:50 AM
Correct, if two EPGs share the same BD, a MAC must only belong to one EPG. Otherwise you'll see the MAC bouncing between the EPGs.
/Marcel
07-20-2017 06:55 AM
But would it be possible to use microsegmentation EPGs and use the IP as filter?
(IP should be static in that case)
Jan
07-20-2017 09:01 AM
I was thinking the exact same thing Jan. I'd try it out but our hardware doesn't support IP based uEPG.
John
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide