Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2466
Views
0
Helpful
5
Replies

multiple IP, single mac, different vlan encap - end point learning ignores encap

jmakepeac
Level 1
Level 1

‎07-19-2017 12:22 PM - edited ‎03-01-2019 05:17 AM

I have a single bridge domain with two end point groups.  Each EPG is bound to the same port using different vlan encapsulation.

The attached host has two IP addresses with the same MAC address but it is using different vlan encap on packets from each source IP address.

What I hoped would happen was traffic from each IP/vlan would end up in a different EPG.  What I find is the MAC is learnt in one EPG with two IP addresses.

Am I doing something incorrectly or is this expected behaviour?

Attaching the EPGs to different BDs fixes the problem but that of course means that we need to have different subnets for each EPG.

John

Labels:
0 Helpful
5 Replies 5

RedNectar
VIP
VIP

‎07-19-2017 01:42 PM

Sounds very similar to what turned out to be the problem for Daz's issue - see https://supportforums.cisco.com/discussion/13335826/help-total-noobintra-epg-vlan-based-epgs

The end analysis in that case was: 

The problem is the Source MAC used by the 4500.  If you look at the Endpoint detail, you see the same MAC address is learned for the "endpoint" in the Gamma_Corp_EPG as well as Beta_Customer_EPG.  We'd essentially be trying to learn the same endpoint in two different EPGs - which would cause it to bounce.

so having the same MAC for two endpoints in the same BD, even if they have different IPs, seems to be a problem - I have not tried to build this to verify.

ssh to the leaf where the endpoint(s) are attached and see what 

show endpoint detail

and 

show vlan extended

show you.

HTH

RedNectar
aka Chris Welsh

Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful

jmakepeac
Level 1
Level 1
In response to RedNectar

‎07-20-2017 02:14 AM

Thanks Chris

Are we saying that a MAC can only belong to one EPG in any bridge domain?

John

0 Helpful

Marcel Zehnder
Spotlight
Spotlight
In response to jmakepeac

‎07-20-2017 06:50 AM

Correct, if two EPGs share the same BD, a MAC must only belong to one EPG. Otherwise you'll see the MAC bouncing between the EPGs.

/Marcel

0 Helpful

jwendling
Level 1
Level 1
In response to Marcel Zehnder

‎07-20-2017 06:55 AM

But would it be possible to use microsegmentation EPGs and use the IP as filter?

(IP should be static in that case)

Jan

0 Helpful

jmakepeac
Level 1
Level 1
In response to jwendling

‎07-20-2017 09:01 AM

I was thinking the exact same thing Jan.  I'd try it out but our hardware doesn't support IP based uEPG.

John

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License