
NX-OSv 9000 how to configure to have dynamic mac address

AnhQuach17557
Level 1

Hi everyone,

 

I really need help with learned MAC addresses on a Cisco Nexus 9000 running on CML 2.0.

I have configured a VLAN, an interface VLAN, and switchport access to that VLAN. I also configured "switchport port-security" on the Ethernet switchport interface that accesses that VLAN.

 

The servers inside the VLAN can ping each other, and "show ip arp vrf all" did show the MAC addresses of these servers. (see attachment named "nxos9000-ip-arp-vrf-all")

 

The issue is that "show mac address-table" does NOT have any dynamic mac-addresses. (see attachment named "nxos9000-mac-address-table")

 

Thanks and regards,

 

1 Accepted Solution

Accepted Solutions

Christopher Hart
Cisco Employee

Hello!

It is expected behavior for the Nexus 9000v to not show dynamically-learned MAC addresses through the output of show mac address-table. This is because the device does not integrate the L2FM component (which is where the output of show mac address-table pulls from) with the virtual L2FDWR data plane used by the 9000v. This is documented in the Cisco Nexus 9000v Guide, under the subsection "Table 3 NX-OS System Limitations".

You can use the show system internal l2fwder mac command to display dynamically-learned MAC addresses on the Nexus 9000v platform. Note that this limitation does not exist on physical Nexus gear - it only applies to the Nexus 9000v.

I hope this helps - thank you!

-Christopher

I really appreciate your useful response, @Christopher Hart

I did see the dynamic mac-address via "show system internal l2fwder mac".

 

By the way, I need to link a MAC address to the port on which the address was learned using an SNMP query.

For instance,

From Step 1, the MAC address is:

1.3.6.1.2.1.17.4.3.1.1.0.0.12.7.172.8 = Hex: 00 00 0C 07 AC 08

From Step 2, the bridge port tells that the MAC address belongs to bridge port number 13:

1.3.6.1.2.1.17.4.3.1.2.0.0.12.7.172.8 = 13

From Step 3, the bridge port number 13 has ifIndex number 2:

1.3.6.1.2.1.17.1.4.1.2.13 = 2

From Step 4, the ifIndex 2 corresponds to port Fast Ethernet 0/1:

ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifName.2 = Fa0/1

 

Conclusion: The MAC address 00 00 0C 07 AC 08 is learned on port Fa0/1

 

My current issue is that, even though I see the dynamic MAC addresses via the CLI command, I do not see them via SNMP 1.3.6.1.2.1.17.4.3.1.1. The SNMP query to Dot1dTpFdbEntry only shows the static MAC addresses.

 

snmpwalk -v 2c -c public@401 192.168.168.141 1.3.6.1.2.1.17.4.3.1.1

iso.3.6.1.2.1.17.4.3.1.1.0.0.12.159.241.145 = Hex-STRING: 00 00 0C 9F F1 91
iso.3.6.1.2.1.17.4.3.1.1.82.84.0.14.81.241 = Hex-STRING: 52 54 00 0E 51 F1

 

switch# show system internal l2fwder mac
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC
   VLAN    MAC Address      Type     age       Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
*  400     5254.001e.3740   dynamic  2d16h       F     F   Eth1/13
*  401     5254.0016.8312   dynamic  00:04:29    F     F   Eth1/7
G  402     0000.0c9f.f192   static   -           F     F   sup-eth1(R)
G  401     0000.0c9f.f191   static   -           F     F   sup-eth1(R)
G  402     5254.000e.51f1   static   -           F     F   sup-eth1(R)
G  401     5254.000e.51f1   static   -           F     F   sup-eth1(R)
G  400     5254.000e.51f1   static   -           F     F   sup-eth1(R)
*  402     5254.0015.d4a7   dynamic  00:00:23    F     F   Eth1/6
G  400     0000.0c9f.f1f3   static   -           F     F   sup-eth1(R)
*  400     5254.0002.30dc   dynamic  2d15h       F     F   Eth1/9
*  401     5254.0017.3662   dynamic  00:00:24    F     F   Eth1/3
*  400     5254.0013.2091   dynamic  2d15h       F     F   Eth1/11

 

Do you know if this is a known issue in Nexus 9000v as well? Does it happen in Nexus 9000 physical hardware?

 

Thanks and regards,
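
The four-step MAC-to-port lookup walked through in the post above, joined in one pass over saved snmpwalk output (an added example, not part of the original thread). It assumes numeric OIDs, including 1.3.6.1.2.1.31.1.1.1.1 for ifName; the sample lines are constructed from the values in the post, and the function names are hypothetical.

```python
import re

FDB_ADDR = "1.3.6.1.2.1.17.4.3.1.1"      # dot1dTpFdbAddress    (step 1)
FDB_PORT = "1.3.6.1.2.1.17.4.3.1.2"      # dot1dTpFdbPort       (step 2)
BASE_IFINDEX = "1.3.6.1.2.1.17.1.4.1.2"  # dot1dBasePortIfIndex (step 3)
IF_NAME = "1.3.6.1.2.1.31.1.1.1.1"       # ifName, numeric form (step 4, assumed)

# Constructed sample: the post's worked values, plus one address row that
# has no dot1dTpFdbPort row so the broken-chain case is visible.
SAMPLE = """\
1.3.6.1.2.1.17.4.3.1.1.0.0.12.7.172.8 = Hex: 00 00 0C 07 AC 08
1.3.6.1.2.1.17.4.3.1.2.0.0.12.7.172.8 = 13
1.3.6.1.2.1.17.1.4.1.2.13 = 2
1.3.6.1.2.1.31.1.1.1.1.2 = Fa0/1
iso.3.6.1.2.1.17.4.3.1.1.82.84.0.14.81.241 = Hex-STRING: 52 54 00 0E 51 F1
"""

# OID rooted at "iso." or "1." (optional leading dot), "=", optional "TYPE:" tag
LINE = re.compile(r"^\.?(?:iso|1)\.([\d.]+)\s*=\s*(?:[\w-]+:\s*)?(.*)$")

def parse_walk(text):
    """Return {numeric OID: value} for every parsable snmpwalk line."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            table["1." + m.group(1)] = m.group(2).strip().strip('"')
    return table

def column(table, base):
    """Rows of one table column, keyed by the index suffix after the column OID."""
    prefix = base + "."
    return {oid[len(prefix):]: v for oid, v in table.items() if oid.startswith(prefix)}

def mac_to_port(walk_text):
    """Map each FDB MAC to an interface name, or None where a step has no row."""
    table = parse_walk(walk_text)
    fdb_port = column(table, FDB_PORT)
    base_if = column(table, BASE_IFINDEX)
    if_name = column(table, IF_NAME)
    result = {}
    for idx in column(table, FDB_ADDR):
        # The row index is the MAC itself, one decimal octet per sub-identifier.
        mac = ":".join(f"{int(octet):02x}" for octet in idx.split("."))
        bridge_port = fdb_port.get(idx)           # step 2
        if_index = base_if.get(bridge_port)       # step 3
        result[mac] = if_name.get(if_index)       # step 4
    return result

if __name__ == "__main__":
    print(mac_to_port(SAMPLE))
```

A `None` result marks a MAC whose chain stopped at one of the steps, which is how an entry missing from the SNMP tables shows up.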
