cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4206
Views
0
Helpful
5
Replies

default gateway mac address seen on printer access-port, switch cant ping its HSRP default gateway,

mustafa83
Level 1
Level 1

Hello,

The issue is for some reason the mac address of HSRP VIP(virtual ip 10.10.97.1) seen on access-port, that access port connected to a printer, TAC bounced that printer access-port and then we are back to normal, default-gateway mac seen thru unlink interface,

I’m sharing all details, and seeking a preventive action, as bouncing the port was a band-aid to get the users working

 

 

We are been having this issue for while in our enterprise network, i happens once in a while in different locations and platforms(3850,3750,4510 Sup5 and 6, 4506 sup5 and 6) we tried to upgrade the code and didnt helped.

 

Issue will start by users reporting they cant access the network resource, we cant access the switch via normal ssh because its not replying to ping from the network(outside its subnet), so we ssh to Distro and from there we ssh to the access switch, and troubleshoot,

access switch cant ping default gateway 10.10.97.1

access switch can ping SVI ip A side 10.10.97.2 and B side 10.10.97.3

both Distros can ping switch ip 10.10.97.4

 

 

Cisco-3850#show ip arp 10.10.97.1
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.97.1             10   0000.0c9f.f4b2  ARPA   Vlan1202

Cisco-3850#show mac add | i f4b2
1202    0000.0c9f.f4b2    STATIC      Gi2/0/36

Cisco-3850#show mac add int gig 2/0/36
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
1202    0000.0c9f.f4b2    STATIC      Gi2/0/36
1202    9457.a5d2.f0e2    STATIC      Gi2/0/36

as you can see the problem above, no wonder the switch not reachable from the network

fix:

interface gig 2/0/36

shutdown

no shutdown

 

access switch cisco 3850 in this case, dual uplinked to 6509E switches on HSRP V2 setup, sharing the diagram and setup and some show command,

 

appreciate the help,

Thanks

Mustafa

 

5 Replies 5

Reza Sharifi
Hall of Fame
Hall of Fame

Hi,

Can you post the output of "show etherchannel summary" from both core and access switches?

HTH

DIST-A#show etherchannel 2 summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      N - not in use, no aggregation
        f - failed to allocate aggregator

        M - not in use, no aggregation due to minimum links not met
        m - not in use, port not aggregated due to minimum links not met
        u - unsuitable for bundling
        d - default port

        w - waiting to be aggregated
Number of channel-groups in use: 5
Number of aggregators:           5

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
2      Po2(SU)         LACP      Gi3/1(P)       Gi4/1(P)

Last applied Hash Distribution Algorithm: Fixed

DIST-B#show etherchannel 2 su
SMITH-DIST-B#show etherchannel 2 summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      N - not in use, no aggregation
        f - failed to allocate aggregator

        M - not in use, no aggregation due to minimum links not met
        m - not in use, port not aggregated due to minimum links not met
        u - unsuitable for bundling
        d - default port

        w - waiting to be aggregated
Number of channel-groups in use: 5
Number of aggregators:           5

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
2      Po2(SU)         LACP      Gi3/1(P)       Gi4/1(P)

Last applied Hash Distribution Algorithm: Fixed

Hello

No so sure this is down to your FHRP but have you tried increasing your HRSP timers,enabling preemption on both sides and giving Distro A a higher priority value.

You can also try telling hrsp to use it BIA mac- address of the switchs instead of the virtual-mac is uses, but I am aware there are some caveats to this feature which effects various platforms

Or try using VRRP instead.

res
Paul




Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Po2 connects Distro-A to Distro-B, so, how does the 3850 (access switch) connect to the Distros,

Can you post config for the uplinks from and to access switch?

(1/1/1 and 3/1/1)

HTH

dmcloon
Level 1
Level 1

Interesting, we just experienced this for the first time on a 2960S running 15.2(2)E4. Router MAC was showing up on an interface connected to a HP Printer rather than the uplink port-channel. It made no sense. A few months ago MAB monitor mode (authentication open) was added to the access ports. The existing port-security configuration was not modified. The Cisco MAB Deployment Guide recommends against MAB and Port Security on same interface and goes so far to say they can interfere with each other. We both have these features configured! I suspect there is an unknown or unpublished bug related to MAB and Port Security interaction that can trigger Port Security to incorrectly add the router MAC address to the MAC table instead of the end device MAC address. What makes it worse is Port Security managed MAC addresses are added to the MAC table as type STATIC (vs DYNAMIC) meaning they won't age out and the only way to clear the bogus entry is to shut or down the affected interface. Our plan is to remove Port Security when migrating from MAB Monitor to MAB Closed mode. With any luck we won't see another occurrence.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: