Ping reply failing(~25%) due to mac-address-table losing entry - Cisco Community

2371

Views

0

Helpful

6

Replies

I have 2 6500 running in VSS. Connected to it is one 4500 with PAgP port-channel with 4 links(no problems)

I also have a 4948 with 2 GB links in a PAgP MEC coming back to the VSS pair, machines connected to this switch are the ones having issues.

When I check the table entry for the MAC of a machine on that switch, I get varied responses. See below. (these were all executed within 2 seconds)

Occasionnaly nothing will appear, then somtimes both Sups have the entry and then sometime one sup has the primary entry and the other doesnt.

However, when looking at this same mac entry for something on the 4500's it will always be consistent with both sup's haivng the primary entry(one anomoly being that Age shows 60 on one Sup typically),

Any Idea? I do have global mac-sync on and have increased the activity time to 640.

DC-Core#sh mac-address-table address 0022.1963.ac8a all
Legend: * - primary entry
age - seconds since last seen
n/a - not available

vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
Supervisor switch 1 Module 5
     1 0022.1963.ac8a   dynamic Yes          0   Po33
Supervisor switch 2 Module 5
*    1 0022.1963.ac8a   dynamic Yes          0   Po33

DC-Core#sh mac-address-table address 0022.1963.ac8a all
Legend: * - primary entry
age - seconds since last seen
n/a - not available

vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
Supervisor switch 1 Module 5
*    1 0022.1963.ac8a   dynamic Yes          0   Po33
Supervisor switch 2 Module 5
*    1 0022.1963.ac8a   dynamic Yes          0   Po33

DC-Core#sh mac-address-table address 0022.1963.ac8a all
Legend: * - primary entry
age - seconds since last seen
n/a - not available

vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
Supervisor switch 1 Module 5
*    1 0022.1963.ac8a   dynamic Yes          0   Po33
Supervisor switch 2 Module 5
*    1 0022.1963.ac8a   dynamic Yes          0   Po33

DC-Core#sh mac-address-table address 0022.1963.ac8a all
Legend: * - primary entry
age - seconds since last seen
n/a - not available

vlan mac address type learn age ports
------+----------------+--------+-----+----------+--------------------------
No entries present.

DC-Core#sh mac-address-table address 0022.1963.ac8a all
Legend: * - primary entry
age - seconds since last seen
n/a - not available

vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
Supervisor switch 1 Module 5
*    1 0022.1963.ac8a   dynamic Yes          0   Po33
Supervisor switch 2 Module 5
*    1 0022.1963.ac8a   dynamic Yes          0   Po33

DC-Core#

6 Replies 6

Hi Josh,

Could you post a diagram of your setup as well as confirm what modules you have running in both chassis and the IOS version.

Based on your initial post not sure if you have seen this link to the VSS Deployment Best Practice guide @

http://www.cisco.com/en/US/products/ps9336/products_tech_note09186a0080a7c837.shtml#misc

The last note in there states

"

Configure the MAC aging timer to three times the MAC synchronization timer value.

The default MAC synchronization and MAC aging timers can cause unknown unicast flooding. VSS can cause traffic to flow asymmetrically such that the source MAC address is only learned on one chassis. The MAC aging timer of 300 seconds and MAC synchronization timer of 160 seconds allows for up to 20 seconds of unknown unicast flooding for any given MAC address in a 320 second interval. In order to resolve this, change the timers such that the aging timer is three times as long as synchronization timer, for example, mac-address-table aging-time 480 .

"

HTH. Thx

Version 12.2(17r)SX6

Catalyst 6509 both running - Supervisor Engine 720 10GE (VS-S720-10G) in a VSS pair.

I have one fiber link on gi1/1/33 and one on gi2/1/33 in a PAgP etherchannel, connected directly to a 4948.

Everything seems fine other than there is serious packet loss and when I lookup a MAC entry of one of the hosts on the 4948, I get a sort of "flapping" where it will answer one second, and then it will disappear.. over and over within seconds of each other.

Logs and SPT debugs have nothing in them relating.

Hi Josh,

I have definetly not worked on VSS that much but I do believe that VSS support was introduced only after 12.2(33)SXH1. This is further supported by the info on this doc "http://www.cisco.com/en/US/products/ps9336/products_tech_note09186a0080a7c74c.shtml#hw_sw"

Thx

Yeah my bad.. accidentally grabbed the ROMMON Version.

Version 12.2(33)SXH8 is the IOS.

Currently I am confident in the IOS version, switch hardware and configuration of the VSS bundle... I set it up from a blank set of 6500's so I know exactly what they are configured(not) for. Also, I have a 4500 that is connected to it with the exact same PAgP port configuration(although with 4x links rather than 2x) and it stores all mac-table information just as you would normally expect.

So after some more digging I see that there was a port(not sure whats connected to it yet) on an access switch connected to the 4500's causing major STP topology changes(every few seconds_.. I shut the port down.. now the changes have subsided and MAC table is sticking entries as it should.

Time to do some investigation...

Thanks for any comments.

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community

Review Cisco Networking for a $25 gift card