mac address seen on interface, but I can't figure out why

mcow · ‎11-14-2023

we recieved a report that a user is seeing timeouts on a server. we couldn't find where the issue was, but when I was digging into where the server was connected some things looked odd.

I don't see anywhere on switch 2 module 6 where po11 is configured. po11 does go to a distribution switch, then goes to an access switch where the mac is visible. so the first 2 entries below make sense as po11 is configured on switch 1 and switch 2 on module 2. thoughts?

6509#
6509#sh arp | i xxx.xxx.180.232
Internet  xxx.xxx.180.232         0   bc30.5bf5.f344  ARPA   Vlan180
6509#
6509#
6509#sh mac add add bc30.5bf5.89dc                 
Legend: * - primary entry
        age - seconds since last seen
        n/a - not available

  vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
switch 1 Module 2:
*  180  bc30.5bf5.89dc   dynamic  Yes          0   Po11
switch 2 Module 2:
*  180  bc30.5bf5.89dc   dynamic  Yes          0   Po11
switch 2 Module 6:
*  180  bc30.5bf5.89dc   dynamic  Yes        230   Po11

6509#

3750>
3750>sh mac add add bc30.5bf5.89dc
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 180    bc30.5bf5.89dc    DYNAMIC     Gi1/0/8
Total Mac Addresses for this criterion: 1
3750>

MHM Cisco World · ‎11-14-2023

this VSS?

mcow · ‎11-14-2023

yes, sorry, forgot to mention that in the original.

f00z · ‎11-14-2023

It doesn't work like that (like po11 not being configured there). Each forwarding ASIC (THE DFC on 6509) on the line cards has a copy of the mac address table and it has a copy of the interface table and it knows that the exit point is Po11 (even though it's[the port] not configured on that module). So this is just showing the copies of it that various DFC modules have.

mcow · ‎11-15-2023

So do it make sense that when I do a show mac table that the only additional entry displayed is switch 2 module 6? Just curious why the other modules are not displayed.

6509>sh module 
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1    4  CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      SAL1515B07A
  2    4  CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      SAL1130VRZA
  3    4  CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      SAL1515B0AZ
  4    4  CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      SAL1438U00V
  5    5  Supervisor Engine 720 10GE (Active)    VS-S720-10G        SAL14017RRZ
  6   48  CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX     SAL08517NPU
  8   24  CEF720 24 port 1000mb SFP              WS-X6724-SFP       SAL1708ZGYA
  9   24  CEF720 24 port 1000mb SFP              WS-X6724-SFP       SAL1248B579

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  1  c89c.1dc1.3708 to c89c.1dc1.370b   3.2   12.2(14r)S5  12.2(33)SXJ1 Ok
  2  0019.3036.b06c to 0019.3036.b06f   2.6   12.2(14r)S5  12.2(33)SXJ1 Ok
  3  6400.f12c.f500 to 6400.f12c.f503   3.2   12.2(14r)S5  12.2(33)SXJ1 Ok
  4  1cdf.0f2b.cafc to 1cdf.0f2b.caff   3.3   12.2(14r)S5  12.2(33)SXJ1 Ok
  5  001e.4a7e.cc10 to 001e.4a7e.cc17   3.4   8.5(4)       12.2(33)SXJ1 Ok
  6  0012.80c7.3fd0 to 0012.80c7.3fff   2.1   12.2(14r)S5  12.2(33)SXJ1 Ok
  8  e02f.6d55.d01c to e02f.6d55.d033   5.1   12.2(18r)S1  12.2(33)SXJ1 Ok
  9  0021.a0b3.fc78 to 0021.a0b3.fc8f   3.3   12.2(18r)S1  12.2(33)SXJ1 Ok

Mod  Sub-Module                  Model              Serial       Hw     Status 
---- --------------------------- ------------------ ----------- ------- -------
  1  Distributed Forwarding Card WS-F6700-DFC3C     SAL1211JCWJ  1.0    Ok
  2  Distributed Forwarding Card WS-F6700-DFC3C     SAL150350WG  1.8    Ok
  3  Distributed Forwarding Card WS-F6700-DFC3C     SAL1506701F  1.4    Ok
  4  Distributed Forwarding Card WS-F6700-DFC3C     SAL1628GF9L  1.5    Ok
  5  Policy Feature Card 3       VS-F6K-PFC3C       SAL14017S2Q  1.2    Ok
  5  MSFC3 Daughterboard         VS-F6K-MSFC3       SAL14017QAA  5.2    Ok
  6  Distributed Forwarding Card WS-F6700-DFC3C     SAL1222SHM5  1.0    Ok
  8  Distributed Forwarding Card WS-F6700-DFC3C     SAL12437D4H  1.0    Ok
  9  Distributed Forwarding Card WS-F6700-DFC3C     SAL1248BBGT  1.1    Ok

Mod  Online Diag Status 
---- -------------------
  1  Pass
  2  Pass
  3  Pass
  4  Pass
  5  Pass
  6  Pass
  8  Pass
  9  Pass
6509>

MHM Cisco World · ‎11-15-2023

VSL connect via which Module ?

mcow · ‎11-15-2023

Module 5

6509#show swit virtual link detail 
VSL Status : UP
VSL Uptime : 4 years, 33 weeks, 3 days, 23 hours, 6 minutes
VSL SCP Ping : Pass
VSL ICC Ping : Pass
VSL Control Link : Te1/5/5  

  LMP summary

    Link info:        Configured: 2        Operational: 2

                            Peer Peer          Peer   Peer      Timer(s)running
Interface Flag State        Flag MAC           Switch Interface (Time remaining)
--------------------------------------------------------------------------------
Te1/5/4   vfsp operational  vfsp 0017.df20.f800 2      Te2/5/4   T4(448ms)
                                                                 T5(59.97s) 
Te1/5/5   vfsp operational  vfsp 0017.df20.f800 2      Te2/5/5   T4(448ms)
                                                                 T5(59.97s)

f00z · ‎11-15-2023

Most likely because that VLAN is configured on that module (i.e. some port on the module has this vlan configured) somewhere and not on the others. If you don't need massive mac addr scale, the whole platform works better when the macs are synchronized (config mode command mac address-table synchronize ). This makes sure the mac address are synched to all the DFCs , where without it they are not and only learned locally from a host. This allows for huge MAC addr scale because each DFC can have separate MAC addr , but also causes a lot of issues depending on how the network is built. If no need for huge MAC addr scale (i.e. like 64k+ mac addrs ) then synchronizing it reduces unicast flooding and other issues if you have vlans spanning multiple DFC.

Each DFC is basically another instance of the forwarding module (PFC/MSFC)

mcow · ‎11-15-2023

Thanks for the explanations. That helps with my understanding. It must be something else because I don't see that vlan anywhere on that module.

!
6509#sh int status | i connected

Gi2/6/5      			connected    trunk      a-full a-1000 10/100/1000BaseT
Gi2/6/10     			connected    31         a-full a-1000 10/100/1000BaseT
Gi2/6/11     			connected    trunk      a-full a-1000 10/100/1000BaseT
Gi2/6/40     			connected    trunk      a-full a-1000 10/100/1000BaseT
Gi2/6/48                        connected    routed     a-full a-1000 10/100/1000BaseT

6509#sh run int g2/6/5          
Building configuration...

Current configuration : 284 bytes
!
interface GigabitEthernet2/6/5
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1000
 switchport trunk allowed vlan 226,890,891,893,895,898
 switchport mode trunk
 logging event link-status
 channel-group 19 mode on
end

6509#
6509#sh run int g2/6/10
Building configuration...

Current configuration : 188 bytes
!
interface GigabitEthernet2/6/10
 switchport
 switchport access vlan 31
 switchport mode access
 logging event link-status
 udld port
end

6509#sh run int g2/6/11
Building configuration...

Current configuration : 373 bytes
!
interface GigabitEthernet2/6/11
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1000
 switchport trunk allowed vlan 700,705,710,715,720,725,730,735,740,745,750-758
 switchport trunk allowed vlan add 760,765,770,775,780,790
 switchport mode trunk
 logging event link-status
 udld port
end

6509#sh run int g2/6/40 
Building configuration...

Current configuration : 285 bytes
!
interface GigabitEthernet2/6/40
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1000
 switchport trunk allowed vlan 226,890,891,893,895,898
 switchport mode trunk
 logging event link-status
 channel-group 19 mode on
end

6509#sh run int g2/6/48
Building configuration...

Current configuration : 86 bytes
!
interface GigabitEthernet2/6/48
 no switchport
 no ip address
 ip flow ingress
end

f00z · ‎11-15-2023

It's just the way the platform works, maybe something on the module is sending data to the other module svi when the vlan isn't configured, or you have a trunk port with no allowed vlan (i.e. allows all), or VSL or something of the sort. Do you have mac address synchronize enabled? It really should be unless like i said you need ridiculous mac addr scale.

Possibly there's SVI on one of the other vlans that's routing and sending traffic to the other vlan SVI so it inserts the mac addr. THere are many reasons why it has it in the table, and it's not a bad thing, it's normal for it to be there. But if you are having strange connectivity issues try enabling mac sync (too many problems without it enabled imo), pretty sure this is default on newer code (like sup2t +)