05-03-2013 08:14 AM - edited 03-07-2019 01:09 PM
Hello,
I have a special setup with two 2960 switches connected through 2 links in a portchannel group (see the enclosed diagram)
In-between there are transparent devices. They have no effet on the LACP negociation and the PortChannel is fully operationnal between the switches.
The thing is that sometimes those devices do ARP requests which are sometimes not answered because the switch loadbalance the reply!
Basically I have 50% chance of working.
I tried several load balancing algorithm but it doesn't matter: the switch forward the ARP request to the unit 1's mac address which is "located" on the portchannel logical interface (when I do a 'show mac address-table dynamic')...
Is there a way to force the response to take the same way?
Thanks in advance!
Cheers
05-03-2013 06:43 PM
So unit X is configured to read and transmit the traffic it generates on VLAN 72 with tags?
Not 100% sure but you may be able to statically enter the mac's of the "units" in the swich table to the physical interface rather than Port chan interface. Just guessing there...
- Be sure to rate all helpful posts
05-06-2013 12:37 AM
So unit X is configured to read and transmit the traffic it generates on VLAN 72 with tags?
No, sorry I should have removed the VLANs from my diagram. They do not help to understand my problem which is VLAN-independant. However, VLAN 72 is the adsministrative VLAN for the Unit {1-4}. VLAN 2 and 4 and "operationnal" VLANs.
Not 100% sure but you may be able to statically enter the mac's of the "units" in the swich table to the physical interface rather than Port chan interface. Just guessing there...
Good guess but I've already tried this with the following command:
mac address-table static hardware-address vlan xx interface name
However the command is rejected since the interface is part of an etherchannel group...
When I display the dynamic mac address table, it shows that the MAC address of unit 1 is on the logicial portchannel interface...!
Thanks again!
Cheers
05-04-2013 08:32 AM
Hello Jacques,
So the 2960 go through the transparent devices to connect through the port-channel?
With that kind of setup, there really is not anything you can do to force ARP replies/requests to come back on the same interface. I do not see how that would cause you to lose ARP packets though, since the replies/requests should get there no matter what.
What are the transparent devices?
You could make two separate port-channels between the 2960's, one through each UNIT device. Then you could make one port-channel for certain vlans via spanning-tree, and other vlans preferred on the other port-channel, this would ensure you the packets take the same path (SW = UNIT = SW), though it would still load balance between ports in the port-channel.
05-06-2013 12:48 AM
Hello Gabriel,
So the 2960 go through the transparent devices to connect through the port-channel?
Yes exactly. The setup is similar (but the same as) to: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_19_ea1/configuration/guide/swtunnel.html#wp1018775
With that kind of setup, there really is not anything you can do to force ARP replies/requests to come back on the same interface.
That's what I was afraif of...
I do not see how that would cause you to lose ARP packets though, since the replies/requests should get there no matter what.
I do not loose the ARP answers, they simply do not take the same way as the request... The problem is that the MAC address of the devices are located on the logicial portchannel interface (and not the physical one), i.e. when I do a "show mac address-table dynamic".
What are the transparent devices?
They are special VPN devices. Basicallt they encrypt everything that comes from the "sensitive side" (except pure layer-2 frames, for example ARP, LACP, etc.) i.e. all that comes from the switch. Between the units there is a WAN.
You could make two separate port-channels between the 2960's, one through each UNIT device.
You mean two portchannels with only one interface for each one of them?
Thanks again!
Cheers
05-09-2013 08:30 PM
Hello Jacques,
Sorry for the late reply, do not remember getting notified that you wrote back.
Does your transparent devices have the ability to connect two interfaces from the 3750's? My thought with the separate port-channels would only work if your transparent devices could support something like the following:
SW1 /=====Port-channel 1 ==Unit 1 ----- Unit 2 ======Port-channel 1 ==== \ SW2
\=====Port-channel 2 ==Unit 3 ----- Unit 4 ====== Port-channel 2 ==== /
Hope you can make out that diagram. SW1 would have two port-channels (each port-channel with two interfaces going to each transparent device). With that setup, you can adjust spanning-tree to ensure what path would be taken.
Cheers,
Gabriel
05-21-2013 02:11 AM
Hello Gabriel,
It is my turn to apologize for my late reply! I do have seen your reply but writing on a Greek island with a 3" screen during my holidays wasn't so easy
Unfortunately the transparent devices only have 2 ports (in and out basically) so your setup can't be done...
I think I simply need to review my design to meet my requirements...
Again, thanks for the time you took.
Cheers,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide