Hi people,
I am hoping you can help me. I have inherited a bit of a mess on my current job. I think I have it right, but it is not working.
We have a 6509 with an ACE module. For reasons I don't fully understand, the ACE is running using a BVI in bridge mode. It has loads of secondary interfaces.
Our BVI looks like this:
interface bvi 2
  ip address 10.7.40.4 255.255.255.0
  peer ip address 10.7.40.3 255.255.255.0
  ip address 10.7.42.1 255.255.255.0 secondary
  peer ip address 10.7.42.2 255.255.255.0 secondary
  ip address 10.7.43.2 255.255.255.0 secondary
  peer ip address 10.7.43.1 255.255.255.0 secondary
  ip address 10.7.44.2 255.255.255.0 secondary
  peer ip address 10.7.44.1 255.255.255.0 secondary
  ip address 10.7.45.2 255.255.255.0 secondary
  peer ip address 10.7.45.1 255.255.255.0 secondary
  no shutdown
I know it is a mess, but this is how I have found it.
We have two VLANs:
interface vlan xxx
  description interface facing Servers
  bridge-group 2
  access-group input BPDU
  access-group input ALLOW_ALL
interface vlan xxx
  description interface facing FWSM
  bridge-group 2
  access-group input BPDU
  access-group input ALLOW_ALL
I can ping all of the IPs on the BVI, but only servers in subnet 10.7.42/42 can ping out of the layer 3 on the 6509.
I have all the routes configured properly on the 6509 pointing to the ACE for these subnets.
The question is, though the config has been accepted, is there a limit to the number of secondaries on a BVI?
I know this is a messy way of doing things, and when the time permits, it will be changed.
Graham M