Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2544
Views
0
Helpful
2
Replies

C4K-HOST-FLAPPING on Virtual Mac for Clustered Firewalls

kgeorgeson
Level 1
Level 1

‎03-24-2004 01:28 PM - edited ‎03-02-2019 02:32 PM

We are getting a log entries every 10 to 15 secs on our Cat4006's with SUPIII's and IOS 12.1(8a)EW.

The error is reporting that MACs 00:00:00:00:FE:00 and 00:00:00:00:FE:01 are flapping between various interfaces.

We have traced these MACs back to the ports where our CheckPoint Cluster XL firewalls are connected, and beleive that the Active cluster node is advertising 00:00:00:00:FE:00 and the Passive cluster node is advertising 00:00:00:00:FE:01.

I believe the issue is being caused by the fact that we have multiple independant firewall clusters on the same VLAN, therefore we have two active firewalls (from different clusters) advertising the mac 00:00:00:00:FE:00.

Does the CAM tables track MACs per VLAN? Therefore if I moved these firewalls into different VLAN segments (but on the same switch) then this issue would be rectified? Or am I on the wrong track here?

1 person had this problem
Labels:
0 Helpful
2 Replies 2

robho
Level 3
Level 3

‎03-24-2004 02:28 PM

The switch tracks the CAM per vlan. So, it should be OK to use the same MAC on different vlan but NOT OK to exist on the same vlan.

RH

0 Helpful

kgeorgeson
Level 1
Level 1
In response to robho

‎03-24-2004 04:21 PM

Thanks

0 Helpful
Customers Also Viewed These Support Documents