12-06-2017 05:52 AM - edited 03-08-2019 01:01 PM
Hi guys,
We had an issue with our Cat4506 with Sup8-e. Whenever we did a firewall failover, connectivity was lost to a certain part of the network. After some digging around with a consultant, we found the error ->
sh platform hardware ip route ipv4 network 192.168.1.0 255.255.255.0
09:27:38 § 000764: v4 192.168.1.0/24 --> vrf: SCADA (9)
09:27:39 § adjStats: true fwdSel: 2 Dug: 0 mrpf: 0 (None) fwdIdx: 0 ts: 0
09:27:39 § adjIndex: 47860 vlan: 64 port: Po64 (1160)
09:27:39 § fwdCtrl: 5 cpucode: 3 sifact4: FwdToCpu sifact6: FwdToCpu
09:27:39 § sa: 00:08:E3:FF:FC:04 da: A2:A4:0E:00:00:0A
09:27:39 §
09:27:39 § 000773: v4 192.168.1.0/24 --> vrf: DSO (5)
09:27:39 § adjStats: true fwdSel: 2 Dug: 0 mrpf: 0 (None) fwdIdx: 0 ts: 0
09:27:39 § adjIndex: 47904 vlan: 65 port: Po20 (1116)
09:27:39 § fwdCtrl: 5 cpucode: 3 sifact4: FwdToCpu sifact6: FwdToCpu
09:27:39 § sa: 00:08:E3:FF:FC:04 da: A2:A4:0E:00:00:0E
09:27:31 § 000772: v4 192.168.1.0/24 --> vrf: DSO (5)
09:27:31 § adjStats: true fwdSel: 2 Dug: 0 mrpf: 0 (None) fwdIdx: 0 ts: 0
09:27:31 § adjIndex: 47804 vlan: 65 port: Po63 (903)
09:27:31 § fwdCtrl: 5 cpucode: 3 sifact4: FwdToCpu sifact6: FwdToCpu
09:27:31 § sa: 00:08:E3:FF:FC:04 da: A2:A4:0E:00:00:0E
09:27:31 §
09:27:31 § 000773: v4 192.168.1.0/24 --> vrf: SCADA (9)
09:27:31 § adjStats: true fwdSel: 2 Dug: 0 mrpf: 0 (None) fwdIdx: 0 ts: 0
09:27:31 § adjIndex: 47858 vlan: 64 port: Po10 (850)
09:27:31 § fwdCtrl: 5 cpucode: 3 sifact4: FwdToCpu sifact6: FwdToCpu
09:27:31 § sa: 00:08:E3:FF:FC:04 da: A2:A4:0E:00:00:0A
Routing back from vrf: SCADA, was forwarded out the wrong port, Po10. It should have been forwarded out Po20 like the DSO vrf.
Can someone elaborate on the output: which part of the switch are we looking into, and how could this issue have been detected? Could a cef-table consistency check have helped?
Best regards,
Michael
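Added example, not part of the thread or of any Cisco tooling: one way to compare two saved captures of the command above and list the (VRF, prefix) entries whose hardware adjacency port differs, or differs from the port the operator expects. The field layout is assumed from the pasted output, the sample captures are constructed from lines in the post, and the function names are hypothetical.

```python
import re

# Field layout assumed from the output pasted in the post above.
ROUTE_RE = re.compile(r"v4 (\S+) --> vrf: (\S+) \(\d+\)")
ADJ_RE = re.compile(r"adjIndex: (\d+) vlan: (\d+) port: (\S+)")

def parse_capture(text):
    """Map (vrf, prefix) -> egress port of the hardware adjacency."""
    ports, current = {}, None
    for line in text.splitlines():
        route = ROUTE_RE.search(line)
        adj = ADJ_RE.search(line)
        if route:
            current = (route.group(2), route.group(1))
        elif adj and current:
            ports[current] = adj.group(3)
            current = None
    return ports

def diff_captures(first, second):
    """(vrf, prefix, port_in_first, port_in_second) for entries that differ."""
    keys = sorted(set(first) | set(second))
    return [(v, p, first.get((v, p)), second.get((v, p)))
            for v, p in keys if first.get((v, p)) != second.get((v, p))]

def unexpected_ports(ports, expected):
    """Entries whose port differs from the operator's expected port per VRF."""
    return [(v, p, port, expected[v]) for (v, p), port in sorted(ports.items())
            if v in expected and port != expected[v]]

# Constructed samples: lines taken from the two blocks of output in the post.
CAPTURE_A = """\
09:27:38 § 000764: v4 192.168.1.0/24 --> vrf: SCADA (9)
09:27:39 § adjIndex: 47860 vlan: 64 port: Po64 (1160)
09:27:39 § 000773: v4 192.168.1.0/24 --> vrf: DSO (5)
09:27:39 § adjIndex: 47904 vlan: 65 port: Po20 (1116)
"""
CAPTURE_B = """\
09:27:31 § 000772: v4 192.168.1.0/24 --> vrf: DSO (5)
09:27:31 § adjIndex: 47804 vlan: 65 port: Po63 (903)
09:27:31 § 000773: v4 192.168.1.0/24 --> vrf: SCADA (9)
09:27:31 § adjIndex: 47858 vlan: 64 port: Po10 (850)
"""

if __name__ == "__main__":
    a, b = parse_capture(CAPTURE_A), parse_capture(CAPTURE_B)
    for row in diff_captures(a, b):
        print("changed:", row)
    # Expected port comes from the post: SCADA should leave via Po20.
    for row in unexpected_ports(b, {"SCADA": "Po20"}):
        print("unexpected:", row)
```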
08-02-2019 01:41 PM - edited 08-02-2019 01:48 PM
Let me know if this is still an issue. We can discuss this further. We encountered exactly the same scenario a month back. Spent 1 month troubleshooting checkpoint fail-over that turned out to be a problem with the Cisco 4500x.
08-04-2019 11:53 PM
We resolved the issue - it was due to a firmware bug that was caused when SVIs were terminated in a VRF.
What I'm seeking is an explanation for the CMDlets, and more details about this level of troubleshooting.