my question is all in the subject.
I've created a BVI2 where I bridged dot11 0.2 and vlan2 in order to have wired and wireless clients in the same vlan.
Some wired client are not reachable from the lan. Wireless clients have no pbl in reaching each other.
How I narrowed down the problem:
Monitoring a MAC address that is supposed to be behind the FA2 I have noticed that it moves to vlan2 when in fact it should be behind the FA2.
Of course when "show mac-address-table" says it is behind Fa2 the ping to that MAC address works whereas when the TCAM reports it is behind vlan2 it doesn't. Once the MAC address is behind the vlan2 if I clear the mac-address-table and that mac-address is still put behinf Fa2 then the pings works again, sometime I have to perform twice the clear command before the MAC address goes back to the right location.
I'd like to understand why the router moves that MAC address from Fa2 to vlan2 and that's the reason for my question in the subject.
I don't have any problems for port Fa0 and Fa1.
"Show int fa2" doesn't show any problem/errors or the likes.
BTW even if I force that MAC address to be statically behind FA2 the ping works fine but then stops and if I do "show mac-add" the static entry for it is still there... so looks like there us something that overrides that static entry. If clear everything and I have the mac-address be behind Fa2 then everything starts to work again. I used Fa3 instead of Fa2 and I get the same results.
Knowing what happens at TCAM level and why would be really precious.
Thanks in advance,
is your FE2 interface configured to be under VLAN 2?
could you try issuing the "debug condition mac-address" command?
thanks for your interest on this.
The interface Fa2 is under VLAN 2.
I issued the debug you gave me:
Router#debug condition mac-address 001b.fc45.2e58
Condition 4 set
Condition 1: interface Fa2 (1 flags triggered)
Condition 2: interface Vl2 (1 flags triggered)
Condition 3: interface BV2 (1 flags triggered)
Condition 4: mac-address 001b.fc45.2e58 (0 flags triggered)
I keep seeing the flap of the MAC address however I don't see any debug message.
I've notice that there is a pattern in the flaps meaning that, when I ping the host, 5 pings are successful and then 5,6 or 7 fail.
This is not strict, meaning that sometimes the succesfull pings can last for more and the series of failed ones can last for more but what I said above is true 95% of the time.
I don't think is STP because the device is attached only through port Fa2.
I see "Condition 4 set"... do I have then to enable the true debug after the conditions are set?
I tried to run the same debug command on one of our 877 and it doesn't show the same symptom. The MAC address attached on the FE interface stayed on that port.
Could you post your show run (omit sensitve info) and a diagram of your network topology?
Sent from Cisco Technical Support iPhone App
I'll gather it asap. Meanwhile I'd like to understand if what you suggested me to do is the really debug or just a constraint to limit the putput of a real debug command. Getting "condition set" looks like setting a constraint but not running a true debug command. I think the conditional debug is used when the amount of log lines can overwhelm the router. In my case with all the debugs I enabled I didn't get any single line that could have given to me info on what's going on my swith-side of the router.
I'm gonna collect the sh run.
eventually I discovered that the command
bridge-group 2 subscriber-loop-control
was enabled on the vlan 2 interface.
After removing it everything started to work like a charm
encapsulation dot1Q 2 native
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
description Internal VLAN
no ip address
ip address 10.38.65.14 255.255.255.240
ip virtual-reassembly in
ip tcp adjust-mss 1350
bridge 2 route ip
My understanding that such command is needed on wireless interface but not on wired ones.
Thanks all for the help.