10-17-2013 06:12 AM - edited 03-04-2019 09:20 PM
These interfaces are connected to firewalls of nokia running IPSO and using VRRP for high-availability. Result of arp command is null.
10-17-2013 07:29 AM
Try using the global command:
mac address-table static 0000.0000.fe01 vlan 122 interface GigabitEthernet1/0/8 GigabitEthernet1/0/5
Sachin
11-30-2018 04:42 AM
Thank You.
I had the same problem and, these recomendation solve the problem. It was very helpfull !!!!!
10-17-2013 11:46 AM
Hi Pramod,
Can you tell me where these MAC addresses are connected, if these are connected through Access points. When the device is roaming MAC Flap can happen
10-17-2013 01:51 PM
Hi Ajay,
As mentioned - The connected device is firewall running Nokia IPSO - An OS for firewall.
And Aside.Sachin,
Do you want me to assign mac statically to those interfaces? Is it not a kind of firewall cluster advertisement.
10-17-2013 06:12 PM
Yes. Statically assign a mac table entry for those interfaces. This is similar to the configuration that I had to do for Microsoft Load Balancing service.
Sachin
10-17-2013 06:35 PM
Sganpat, so for Server Load Balancing schemes, if you experience MAC flaps, would it be best to do what you mentioned above?
Just mac a static MAC address entry for the VLAN going to two interfaces?
mac address-table static 01cc.01cc.01ce vlan 100 gi0/1 gi0/2 >>>> For Example
10-18-2013 07:08 AM
Yes. Only if the server load balancing uses a single MAC address, or multicast address.
Sachin
10-17-2013 11:16 PM
So, Is the 0000.0000.fe01 MAC address of FW Interface?
10-18-2013 07:09 AM
No, it's not the FW interface. It's the interface for the Virtual IP for the two firewalls.
10-18-2013 01:47 AM
Can you post a diagram of your config?
Sounds like there may be an issue with your VRRP config on the firewalls and both are acting as the Master meaning they are both responding to ARP requests for the VRRP virtual mac address.
10-21-2013 04:40 AM
Difficult to post a daigaram. In brief - Even i was suspecting it to be VRRP issue in firewall. And even the MAC
0000.0000.fe01 might be of Virtual IP of firewall. Is it possible to elobrate with example from your end. That would ease in better understanding.
And sganpat - Its live scenario. Cant run command wihtout change approval.
11-30-2018 02:28 PM
Hello
Are you using nat?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide