We are using HSRP with our Cisco 881 routers connected with single switch as per topology attached. A strange thing happened today. A sudden packet loss appears in the network. I login to the primary router. I pinged all the devices and Internet from primary router and it was OK. I did the same practice with secondary one and every thing was OK. But there is one thing I noticed. I didnt see PC mac-addresses in the mac-address table (Show mac-address) but the entries for the PCs exist in the ARP table and they can be ping. Even when I ping the cam table didnt update. "Show standby" also shows the right information. I shut down the secondary link and then CAM table of the primary started filling up and packet loss disappeared. Can any one help me to figure out what could possibly cause this and what is required to check in such conditions.
Are the interfaces on the router L3 or is there a build in switch? If the interfaces are L3, there will not be a mac address table, only ARP. A mac address table is used by an L2 switch to determine where the mac address resides. However, if the interface is L3 then no mac address table is required because you know what interface that host is based on the IP address.
You will need your ARP entry so you know what dest mac to put in the packet but you will not need an entry in your mac address table. Sounds like expected behavior. Was there ever an entry in your mac address table?
Hope that helps!
The interfaces are not L3 they are SVI interfaces (VLAN IF) therefore MAC address table should be populated along with Arp both. During the issue I tried to ping PC IPs and they are ping able, enteries are there in Arp table but MAC address table is not populated with PC MACs. When shut down secondary interfaces and then ping again each IP the mac address started to fill in the CAM table. Once all the MAC addresses are filled I enable secondary interface.
Thanks for the info. Did you see anything in your log at the time (show log)? Any issues with spanning-tree (show spanning-tree detail)?
I checked "show logging". There was nothing abnormal. In Huawei equipment there is one command to see the loop which is "display mac-address flapping record". Is there any such command in Cisco to check the loop. I checked the standby operation and it was working fine. If there would have been spanning tree issue, then HSRP status should be changed and it should reflect log. Correct me If I am wrong. But thats a very strange behavior. Everything is stable for last three months and then suddenly something happened. Have you seen such kind of case before that if MAC-address table is not populated and arp table is populated. If yes what could be possible reason.
Usually that is an indication that spanning-tree is unstable. Whenever you get a spanning-tree TCN, you will flush your mac table. If you were flushing your mac table over and over, it might seem like you were not learning macs when really you were learning macs just flushing them right away.
There is no command that I know of to check mac flaps, they should just be logged to your log if you have it set to the right level. You might have to enable mac address flaps logging.
mac address-table notification mac-move
mac address-table notification change
Unfortunately, this won't help you now since the event has passed but you might want to enable these in case it happens again.
Hope that helps!
Thanks for your response. I didnt find mac-address notifications command in my versions.
Cisco IOS Software, C860 Software (C860-UNIVERSALK9-M), Version 15.0(1)M8, RELEASE SOFTWARE (fc1)
Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.0(1)M3, RELEASE SOFTWARE (fc2)
Moreover I also need your help, In my show spanning tree command it doesnt show any topology change.
VLAN10 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address a44c.yyyyyy
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32768, address 6c50.xxxxxx
Root port is 3 (FastEthernet2), cost of root path is 19
Topology change flag not set, detected flag not set
Number of topology changes 1 last change occurred 11w0d ago
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300
Port 3 (FastEthernet2) of VLAN10 is forwarding
Port path cost 19, Port priority 128, Port Identifier 128.3.
Designated root has priority 32768, address 6c50.xxxxxx
Designated bridge has priority 32768, address 6c50.xxxxxx
Designated port id is 128.50, designated path cost 0
Timers: message age 1, forward delay 0, hold 0
Number of transitions to forwarding state: 1
BPDU: sent 11, received 12941009