Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
493
Views
0
Helpful
4
Replies

Server with Microsoft NLB connecting to Fabric Edge switch

Go to solution
e-chuah
Level 1
Level 1

‎02-21-2023 07:48 AM

Hi,

We have some BMS servers using Microsoft NLB (in unicast mode) connecting to the Catalyst 9300 fabric edge switch.

We configure them as static ports with no authentication. We also turn on L2 flood for that vlan.

However, the BMS folks are still having issues connecting their servers to the fabric edge switches.

We will do further troubleshooting tomorrow. Would like to check if anyone has done this before or is it supported ..

Any comments greatly appreciated. Thankks !

Eng Wee

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jedolphi
Cisco Employee
Cisco Employee
In response to e-chuah

‎02-21-2023 08:31 PM

Thanks Eng. Clever thinking, but doesn't matter if L2 Flooding on or off, multiple IP to MAC not supported in an SD-Access routed segment (a segment with an Anycast Gateway) prior to 2.3.5.x. In 2.3.5.x we will add support for Multiple IP to MAC on Fabric Edges Nodes (not PEN). In 2.3.3.x only option is to use an L2VN with Gateway Outside the Fabric, if there is no Fabric-Enabled Wireless endpoints connected to the L2VN. Regards, Jerome

View solution in original post

0 Helpful
4 Replies 4

Go to solution
jedolphi
Cisco Employee
Cisco Employee

‎02-21-2023 03:59 PM

Hello Eng, I don't know how MS NLB works, might need some diagrams and technical explanations, BUT, if NLB associates multiple IP Addresses to a single MAC address this will be the cause of the problem. Today SD-Access allows a maximum of one IP address per MAC address. If there is two IPs using same MAC then SD-Access assumes this is a security violation. In SD-Access 2.3.5.x (target March 2023, subject to change) there will be an option to turn on Multiple IP per MAC on Fabric Edge Nodes. Regards, Jerome

0 Helpful

Go to solution
e-chuah
Level 1
Level 1
In response to jedolphi

‎02-21-2023 07:56 PM

Hi Jerome,

Thanks for the reply.

Pls see attached how microsoft NLB unicast mode works.

From the cat9k switch, mac address table, we see one unique mac address for each server.

from ARP table perspective, 

we see ServerA, ServerB, virtual IP all having the same virtual mac address.

Logically, if we turn on flooding, it should work (though not optimal due to flooding of packet)

 Thanks for your help.

Rgds

 

Preview file
217 KB
0 Helpful

Go to solution
jedolphi
Cisco Employee
Cisco Employee
In response to e-chuah

‎02-21-2023 08:31 PM

Thanks Eng. Clever thinking, but doesn't matter if L2 Flooding on or off, multiple IP to MAC not supported in an SD-Access routed segment (a segment with an Anycast Gateway) prior to 2.3.5.x. In 2.3.5.x we will add support for Multiple IP to MAC on Fabric Edges Nodes (not PEN). In 2.3.3.x only option is to use an L2VN with Gateway Outside the Fabric, if there is no Fabric-Enabled Wireless endpoints connected to the L2VN. Regards, Jerome

0 Helpful

Go to solution
Aseem1
Level 1
Level 1
In response to e-chuah

‎03-15-2023 03:43 AM

just initiate the pings to the devices the arp flooding would kick in and they will respond.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents