Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
403
Views
1
Helpful
10
Replies

Cisco 3750 Switch not forwarding mac address learnt from Firewall

Go to solution
HTD
Level 1
Level 1

‎11-20-2024 01:06 PM

Hello, I have a Cisco 3750 switch which is connected to a Juniper Firewall on an access port, the switch can learn mac address from the Firewall. The switch uplink is a Cisco 6504 router. The 6504 router cannot learn the mac address of the firewall connected to the switch even though the vlan is passed on the connection between the router and switch. 

 

I have been troubleshooting this with no headway, any assistance will be appreciated

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
HTD
Level 1
Level 1

‎11-23-2024 11:19 PM

Thank you all for your input, the issue is resolved, it was from the firewall. The mastership had moved to the secondary which was not connected to the 3750, hence arp was not successful. I changed the mastership to the primary and it got resolved.

View solution in original post

0 Helpful
10 Replies 10

Go to solution
MHM Cisco World
VIP
VIP

‎11-20-2024 10:29 PM

can you ping from FW to any IP in C6000 ?

MHM

0 Helpful

Go to solution
HTD
Level 1
Level 1
In response to MHM Cisco World

‎11-20-2024 11:04 PM

The FW is currently unreachable, there is actually a point to point IP between Firewall and C6000, the point to point is unreachable, hence I cannot access the FW

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-20-2024 11:14 PM 

Cisco 3750 switch which is connected to a Juniper Firewall on an access port, the switch can learn mac address from the Firewall.

in this case the switch port up that connected to Firewall, so Switch learning MAC address, what VLAN is that ?

The switch uplink is a Cisco 6504 router.

how is the configuration looks like between (6504 - Router or switch ?) 6K to 3750 share the configuration here to understand

 The 6504 router cannot learn the mac address of the firewall connected to the switch even though the vlan is passed on the connection between the router and switch.

can we know the VLAN and configuration asked above.

Do you learn any other MAC address from 3750 to 65XX ?

The FW is currently unreachable, there is actually a point to point IP between Firewall and C6000, the point to point is unreachable, hence I cannot access the FW

firewall not reachable, but its powered on right ?

P2P - Do you have any other connection or all go via 3750 Switch here ?

is P2P IP via VLAN SVI ? or Layer 3 Physical interface connection ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
HTD
Level 1
Level 1
In response to balaji.bandi

‎11-20-2024 11:58 PM

in this case the switch port up that connected to Firewall, so Switch learning MAC address, what VLAN is that ? Vlan 865

 

how is the configuration looks like between (6504 - Router or switch ?) 6K to 3750 share the configuration here to understand

configuration is trunk between the the router and switch, passing multiple Vlans

Do you learn any other MAC address from 3750 to 65XX ? Yes, other mac address for different vlans from 3750 is learnt on 65xx

firewall not reachable, but its powered on right ? Yes, it is powered on , cable connection between firewall and switch is up

P2P - Do you have any other connection or all go via 3750 Switch here ? No, only one, from firewall to 3750

is P2P IP via VLAN SVI ? or Layer 3 Physical interface connection ? P2P on 65xx is vlan SVI, I actually created SVI on 3750 to test for the vlan and I could ping IP on 65xx .

 

 

 

 

 

 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to HTD

‎11-21-2024 01:21 PM 

P2P on 65xx is vlan SVI, I actually created SVI on 3750 to test for the vlan and I could ping IP on 65xx .

you created SVI on switch and then you able to ping SVI of 6500, then you should see arp table of Firewall also in the switch since it got ip in that switch.

firewall may be not pinging due to ACL ?

try from firewall to 3750 Switch IP you configured ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to balaji.bandi

‎11-21-2024 01:35 PM

Would you post the configuration of 3750? Also the output of theses commands:

show cdp neighbor

show interface trunk

HTH

Rick
0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎11-21-2024 12:35 AM

Can you draw topolgy 

MHM

0 Helpful

Go to solution
HTD
Level 1
Level 1

‎11-23-2024 11:19 PM

Thank you all for your input, the issue is resolved, it was from the firewall. The mastership had moved to the secondary which was not connected to the 3750, hence arp was not successful. I changed the mastership to the primary and it got resolved.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to HTD

‎11-24-2024 12:05 AM

Sure we assumed same as i was mentioned when you able to reach all devices, and you see the MAC then i suspect configuration issue, any way glad all good.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to HTD

‎11-24-2024 06:24 AM

Thanks for the update. Glad that you have solved the issue.

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card