02-25-2012 03:00 PM - edited 03-07-2019 05:11 AM
Hi folks,
my question is all in the subject.
Background.
I've created a BVI2 where I bridged dot11 0.2 and vlan2 in order to have wired and wireless clients in the same vlan.
Some wired client are not reachable from the lan. Wireless clients have no pbl in reaching each other.
How I narrowed down the problem:
Monitoring a MAC address that is supposed to be behind the FA2 I have noticed that it moves to vlan2 when in fact it should be behind the FA2.
Of course when "show mac-address-table" says it is behind Fa2 the ping to that MAC address works whereas when the TCAM reports it is behind vlan2 it doesn't. Once the MAC address is behind the vlan2 if I clear the mac-address-table and that mac-address is still put behinf Fa2 then the pings works again, sometime I have to perform twice the clear command before the MAC address goes back to the right location.
I'd like to understand why the router moves that MAC address from Fa2 to vlan2 and that's the reason for my question in the subject.
I don't have any problems for port Fa0 and Fa1.
"Show int fa2" doesn't show any problem/errors or the likes.
BTW even if I force that MAC address to be statically behind FA2 the ping works fine but then stops and if I do "show mac-add" the static entry for it is still there... so looks like there us something that overrides that static entry. If clear everything and I have the mac-address be behind Fa2 then everything starts to work again. I used Fa3 instead of Fa2 and I get the same results.
Knowing what happens at TCAM level and why would be really precious.
IOS: c870-advipservicesk9-mz.151-3.T1.bin
Thanks in advance,
Alessandro
03-01-2012 10:35 PM
hi alessandro,
is your FE2 interface configured to be under VLAN 2?
could you try issuing the "debug condition mac-address" command?
03-01-2012 11:44 PM
Hi John,
thanks for your interest on this.
The interface Fa2 is under VLAN 2.
I issued the debug you gave me:
Router#debug condition mac-address 001b.fc45.2e58
Condition 4 set
and
Router#sh debug
Condition 1: interface Fa2 (1 flags triggered)
Flags: Fa2
Condition 2: interface Vl2 (1 flags triggered)
Flags: Vl2
Condition 3: interface BV2 (1 flags triggered)
Flags: BV2
Condition 4: mac-address 001b.fc45.2e58 (0 flags triggered)
I keep seeing the flap of the MAC address however I don't see any debug message.
I've notice that there is a pattern in the flaps meaning that, when I ping the host, 5 pings are successful and then 5,6 or 7 fail.
This is not strict, meaning that sometimes the succesfull pings can last for more and the series of failed ones can last for more but what I said above is true 95% of the time.
I don't think is STP because the device is attached only through port Fa2.
I see "Condition 4 set"... do I have then to enable the true debug after the conditions are set?
Many thanks,
Alex
03-02-2012 06:52 AM
Hi Alex,
I tried to run the same debug command on one of our 877 and it doesn't show the same symptom. The MAC address attached on the FE interface stayed on that port.
Could you post your show run (omit sensitve info) and a diagram of your network topology?
Sent from Cisco Technical Support iPhone App
03-02-2012 07:37 AM
Hi John,
I'll gather it asap. Meanwhile I'd like to understand if what you suggested me to do is the really debug or just a constraint to limit the putput of a real debug command. Getting "condition set" looks like setting a constraint but not running a true debug command. I think the conditional debug is used when the amount of log lines can overwhelm the router. In my case with all the debugs I enabled I didn't get any single line that could have given to me info on what's going on my swith-side of the router.
I'm gonna collect the sh run.
Alex
03-25-2012 11:30 PM
Hi all,
eventually I discovered that the command
bridge-group 2 subscriber-loop-control
was enabled on the vlan 2 interface.
After removing it everything started to work like a charm
interface Dot11Radio0.2
encapsulation dot1Q 2 native
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
end
interface Vlan2
description Internal VLAN
no ip address
bridge-group 2
end
interface BVI2
ip address 10.38.65.14 255.255.255.240
ip virtual-reassembly in
ip tcp adjust-mss 1350
end
bridge irb
bridge 2 route ip
My understanding that such command is needed on wireless interface but not on wired ones.
Thanks all for the help.
Alex
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide