Solved: Hi RenanThank you for your

lpl · ‎05-26-2014

Hi,

We have two VSS clusters interconnected via a trunk allowing two VLANs.

Both VSS clusters have an SVI for both VLANs.

Problem is that I cannot ping the IP address of SVI cluster number one from number two and vice & versa.

However I can ping a PC connected to cluster number two from cluster number one in the same VLAN.

If I try to ping the same PC from cluster number two specifying another source, it fails...

I have noticed that the MAC address used for the SVI on both cluster is the same.... I believe this is the problem.

Here is the output:

Cluster one:

Vlan50 is up, line protocol is up
Hardware is Ethernet SVI, address is 0008.e3ff.fd90 (bia 0008.e3ff.fd90)
Description: Infoblox
Internet address is 10.30.0.2/24

Cluster two:

Vlan50 is up, line protocol is up
Hardware is Ethernet SVI, address is 0008.e3ff.fd90 (bia 0008.e3ff.fd90)
Description: Infoblox
Internet address is 10.30.0.3/24

As a result of this, here is a strange STP output: (show spanning-tree vlan 50 from Cluster number two)

VLAN0050
Spanning tree enabled protocol rstp
Root ID    Priority    8242
             Address     0008.e3ff.fd90
             Cost        230038
             Port        2561 (Port-channel1)
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority    16434 (priority 16384 sys-id-ext 50)
             Address     0008.e3ff.fd90
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/2/5             Desg FWD 20000     128.133 P2p
Po1                 Root FWD 20000     128.2561 P2p
Po3                 Desg FWD 20000     128.2563 P2p
Po4                 Desg FWD 20000     128.2564 P2p

We can see that the Bridge ID is the same as the Root ID although this bridge IS NOT THE ROOT

Is there a way to change the MAC address of the SVI with IOS-XE, Version 03.05.02.E

mclarenh · ‎10-01-2014

Don't know if you got anything from TAC on this, but...

I've had a similar problem where two 4500-X VSS clusters had the same MAC address. As you might imagine this made life interesting when it came to trying to elect a root bridge with STP :-o

The root cause of the problem was that both clusters were configured with the same virtual switch domain. By default the router MAC address is generated based on this virtual domain (mac-address use-virtual).

I'm guessing that you used virtual switch domain 100, as it's exactly the same MAC as I had - I googled the MAC address and it brought me here!

Rebuilding the VSS cluster with a different virtual switch domain changed the MAC and resolved the issue.

Tucked away in the VSS documentation is this little nugget of wisdom:

The virtual switch domain is a number between 1 and 255, and must be unique for each VSS in your network (the domain number is incorporated into various identifiers to ensure that these identifiers are unique across the network.) [emphasis added]

HTH

--hugh

View solution in original post

Renan Abreu · ‎05-26-2014

Hi Louis,

Not sure if it changed for new SUPs, but in old SUPs you could not change the mac-address from 4500 switches.

If they're in VSS what I recommend you is to use the command "mac-address use-virtual" when configuring VSS.

switch virtual domain 1
switch mode virtual
switch 1 priority 255
mac-address use-virtual

What you could maybe try is to configure an HSRP address so it would use a virtual mac (Not sure if this one would work, it would be better to use first option).

lpl · ‎05-26-2014

Hi Renan

Thank you for your reply.

Actually, Each VSS cluster has already been configured with "mac-address use-virtual".

I don't think it is related to VSS setup, the problem is that VSS clusters cannot talk to each other because they use the same Mac address for their respective SVI.

About HSRP, they have successfully negotiated their active-standby role (between both clusters). However I cannot ping the virtual address from the standby cluster...

Additional information: All the 4500-E chassis (and their supervisors) are part from the same order delivered at the customer by Cisco. I believe their come from the same Production line, from the factory, it is probably why they have the same MAC address.

I have opened a TAC case and will wait for their feedback on this.

I'll update this post with Cisco input.

Kind regards,

mclarenh · ‎10-01-2014