Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
621
Views
0
Helpful
0
Replies

L3Out to Firewall

udo.konstantin
Level 1
Level 1

‎07-28-2021 03:41 AM

Hello,

a customer has a l3out to a firewall cluster (active/standby) with two leaf switches (leaf 101 and 102). Customer explained redundancy doesn't work. 

The l3out is done with routed interface. Each interface has an IP address from a /29 network. 
The .1 is the firewall and .2 and .3 are the leaf nodes. There is no secondary IP configured. Routing is done with OSPF. Firewall is propagating the default route (0.0.0.0). 

OSPF adjacency is established between leaf switches and firewall. Between the leaf switches OSPF stuck in exstart (because of incomplete ARP). Each routed l3out interface on leaf 101 and 102 has the same MAC address. 

Between Leaf Switches and Firewall there is a catalyst 9K Switch which transparently connect Leaf with firewall. On the Catalyst I noticed mac flapping (same mac address) between the two leaf switches. 
As I know Cisco recommends to change the MAC? 

 

Any ideas or further design suggestions? 

 

BR

Udo 

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License