cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4364
Views
0
Helpful
6
Replies

L2 Etherchannel and ARP

Hello,

I have a special setup with two 2960 switches connected through 2 links in a portchannel group (see the enclosed diagram)setup.png

In-between there are transparent devices. They have no effet on the LACP negociation and the PortChannel is fully operationnal between the switches.

The thing is that sometimes those devices do ARP requests which are sometimes not answered because the switch loadbalance the reply!

Basically I have 50% chance of working.

I tried several load balancing algorithm but it doesn't matter: the switch forward the ARP request to the unit 1's mac address which is "located" on the portchannel logical interface (when I do a 'show mac address-table dynamic')...

Is there a way to force the response to take the same way?

Thanks in advance!

Cheers

6 Replies 6

schaef350
Level 1
Level 1

So unit X is configured to read and transmit the traffic it generates on VLAN 72 with tags?

Not 100% sure but you may be able to statically enter the mac's of the "units" in the swich table to the physical interface rather than Port chan interface.  Just guessing there...

- Be sure to rate all helpful posts

- Be sure to rate all helpful posts

So unit X is configured to read and transmit the traffic it generates on VLAN 72 with tags?

No, sorry I should have removed the VLANs from my diagram. They do not help to understand my problem which is VLAN-independant. However, VLAN 72 is the adsministrative VLAN for the Unit {1-4}. VLAN 2 and 4 and "operationnal" VLANs.

Not 100% sure but you may be able to statically enter the mac's of the "units" in the swich table to the physical interface rather than Port chan interface.  Just guessing there... 

Good guess but I've already tried this with the following command:

mac address-table static hardware-address vlan xx interface name

However the command is rejected since the interface is part of an etherchannel group...

When I display the dynamic mac address table, it shows that the MAC address of unit 1 is on the logicial portchannel interface...!

Thanks again!

Cheers

Gabriel Hill
Level 1
Level 1

Hello Jacques,

So the 2960 go through the transparent devices to connect through the port-channel?

With that kind of setup, there really is not anything you can do to force ARP replies/requests to come back on the same interface. I do not see how that would cause you to lose ARP packets though, since the replies/requests should get there no matter what.

What are the transparent devices?

You could make two separate port-channels between the 2960's, one through each UNIT device. Then you could make one port-channel for certain vlans via spanning-tree, and other vlans preferred on the other port-channel, this would ensure you the packets take the same path (SW = UNIT = SW), though it would still load balance between ports in the port-channel.

Hello Gabriel,

So the 2960 go through the transparent devices to connect through the port-channel? 

Yes exactly. The setup is similar (but the same as) to: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_19_ea1/configuration/guide/swtunnel.html#wp1018775

With that kind of setup, there really is not anything you can do to force ARP replies/requests to come back on the same interface.

That's what I was afraif of...

 I do not see how that would cause you to lose ARP packets though, since the replies/requests should get there no matter what.

I do not loose the ARP answers, they simply do not take the same way as the request... The problem is that the MAC address of the devices are located on the logicial portchannel interface (and not the physical one), i.e. when I do a "show mac address-table dynamic".

What are the transparent devices?

They are special VPN devices. Basicallt they encrypt everything that comes from the "sensitive side" (except pure layer-2 frames, for example ARP, LACP, etc.) i.e. all that comes from the switch. Between the units there is a WAN.

You could make two separate port-channels between the 2960's, one through each UNIT device.

You mean two portchannels with only one interface for each one of them?

Thanks again!

Cheers

Hello Jacques,

Sorry for the late reply, do not remember getting notified that you wrote back.

Does your transparent devices have the ability to connect two interfaces from the 3750's? My thought with the separate port-channels would only work if your transparent devices could support something like the following:

SW1    /=====Port-channel 1 ==Unit 1 ----- Unit 2 ======Port-channel 1 ==== \    SW2
           \=====Port-channel 2 ==Unit 3 ----- Unit 4 ====== Port-channel 2 ==== /    

Hope you can make out that diagram. SW1 would have two port-channels (each port-channel with two interfaces going to each transparent device). With that setup, you can adjust spanning-tree to ensure what path would be taken.

Cheers,
Gabriel

Hello Gabriel,

It is my turn to apologize for my late reply! I do have seen your reply but writing on a Greek island with a 3" screen during my holidays wasn't so easy

Unfortunately the transparent devices only have 2 ports (in and out basically) so your setup can't be done...

I think I simply need to review my design to meet my requirements...

Again, thanks for the time you took.

Cheers,

Review Cisco Networking for a $25 gift card