11-30-2007 08:13 AM
The second context is not working, config is auto-sync'd
- Nothing is appearing in the arp table, so no communication is being made to the context. This sounds like how it should work when it is in a secondary state, is this the case?
But when I failover to it, there is still nothing in the arp table, even though the context is in ACTIVE state.
All ideas welcome
11-30-2007 11:15 AM
Did you assign vlans from MSFC to the ACE module on the 2nd chasiss?
Just a thought..
Syed
11-30-2007 11:28 AM
Thanks Syed, yes both 6509s have the range of vlans assigned to the module and the right vlans allocated to the context. So I should be seeing a full arp table in the context even when it's in standby?
11-30-2007 11:42 AM
Even the secondary context sends out probe to the rservers. Your arp table shouldnt be empty.
Are your contexts sharing vlans?
16 bank of mac adddresses are available to each ACE.If two ACEs are used in same layer2 network then different banks should be used
this is done by "shared-vlan-hostid
command.
Syed
11-30-2007 12:17 PM
Syed, This sounds like the solution, and have implemented it. I've put bank #1 on one ACE and bank #2 on the other. There is no change to the arp tables as yet. Do I need to reload?
11-30-2007 12:36 PM
Clearing arp, and recreating the context has not changed the MAC addresses. I will not be able to reload the primary ACE until tomorrow. There is a live service on the secondary ACE that does not have failover, so i don't know when i'd get to reload that one.
11-30-2007 12:48 PM
sh np 1 interface iflookup
will tell you whether both ACEs are using the same MAC.
Syed
11-30-2007 03:17 PM
I just found a bug related to shared-vlan-hostid.(reload is by the way needed for this command)
CSCsi01207
Using shared-vlan-hostid
on the other ace does not help (In case of redundant setup) since this command is replicated from primary context.
If you really are facing the same MAC address issue then rebooting the ACE is the only option.On reboot ACE selects a random MAC address.
Syed
12-01-2007 01:09 AM
Hi Syed, I have attached output from 'sh np 1 int if'. I'm not sure that I have the same MACs issue, because I don't seem to have any MACs at all on the secondary. :) Also, the shared-vlan-hostid command is only available in the Admin context, so I don't think it should be sync'd across (or is that the bug). In my case it has not been.
What does the output attached tell you?
12-01-2007 03:18 AM
Mac address pool is different on both ACEs
Primary/Service# sh np 1 int if
First burnt-in MAC: 00:1b:d5:9c:0c:49
Last burnt-in MAC: 00:1b:d5:9c:0c:4f
No of burnt-in MACs: 7
Hostid: 2
Secondary/Admin# sh np 1 int if
First burnt-in MAC: 00:1b:d5:9c:0e:2d
Last burnt-in MAC: 00:1b:d5:9c:0e:33
No of burnt-in MACs: 7
Hostid: 1
You are not in the situation where both ACE select same Mac address pool.
I suspect that Vlan 528 and 529 are not available on Secondary ACE.
Please check
1. If Vlan are properly defined on Secondary Switch.
2. If these VLAN are assigned from SUP to ACE
3. If trunk between 2 Switches allow the vlans used in the appropriate contexts
Syed
12-01-2007 03:53 AM
12-01-2007 04:50 PM
Config looks good..
On secondary the Services context doesnt show the vlans
Check the difference in output of the following commands.
Primary/Service# sh np 1 int if
First burnt-in MAC: 00:1b:d5:9c:0c:49
Last burnt-in MAC: 00:1b:d5:9c:0c:4f
No of burnt-in MACs: 7
Hostid: 2
Shared vlan macs currently in use (offset from 2048):
Vlan-vmac indexes currently in use: 0
Flags: Valid shared bridged ftstatus ssl-test normalization icmp-guard
Vlan ifid matchid ctxt primary vvind ftgrp ttl optact df Flags
---- ---- ------- ---- ------- ----- ----- --- ------ -- -----
528 4 4 1 528 0 6 0 2 0 1001000
529 5 5 1 529 0 6 0 2 0 1001000
Secondary/Service# sh np 1 int if
First burnt-in MAC: 00:1b:d5:9c:0e:2d
Last burnt-in MAC: 00:1b:d5:9c:0e:33
No of burnt-in MACs: 7
Hostid: 1
Shared vlan macs currently in use (offset from 1024): 0
Vlan-vmac indexes currently in use: 0-1
Flags: Valid shared bridged ftstatus ssl-test normalization icmp-guard
Vlan ifid matchid ctxt primary vvind ftgrp ttl optact df Flags
---- ---- ------- ---- ------- ----- ----- --- ------ -- -----
Which is not the case with the admin context on both switches.
Is it possible to reboot the secondary.
Syed
12-02-2007 12:32 AM
You have SVIs defined for both vlan 528 and 529 on MSFC. How will return traffic pass through ACE?
Are you running one arm mode/ using source NAT?
Can you also post vlan interfaces config on ACE.
Syed
12-02-2007 12:41 AM
Yes, that's certainly what i'm trying to do. As for rebooting, not sure if or when that can happen. But I will try.
12-03-2007 11:08 AM
When you asked for the interface config I also did a "show int" on the secondary ACE:
vlan528 is down, IP address or bridge group not configured
...
vlan529 is down, IP address or bridge group not configured
...
I had previously thought that the secondary took over the primary's interface address, but in fact (as i'm sure you're well aware) I should have configured " peer ip address x.x.x.x x.x.x.x" on both vlans in the primary context. I have done so and all is working as expected.
Thanks for your time and help,
Claire
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide