CSS 11503 Failover does not send ARP out correctly

salmodov · ‎05-18-2007

I need your wisdom.

Can you tell me about the arp table on the ASA are

there any known issues with it bugs ect? Reason being is we have two public

facing ASA?s in high availability mode. With two netscreen firewalls inside

that and then 2 css11503?s for load balancing,. The issue is when we bounce and failover the CSS?s everything breaks until we clear the arp table on the ASA?s then everything starts working properly. This should not be the behavior of the ASA?s but can you help me understand why that is happening and if there is any thing we can do to fix it. The system needs to be fault tolerant without user

intervention.

So now i find this CSCsi44835?The CSS G-arp issue occurs after a failover when you configure the

ip redundancy master command.

CSCeh44262 - For a CSS in a VIP/Interface redundant

configuration, when a critical service transitioned from DOWN to BACKUP, the

CSS would improperly GARP causing devices to update their ARP tables with

incorrect information.

cssdmz1nrt-cing# show ver

Version: sg0810106 (08.10.1.06)

Flash (Locked): 08.10.1.06

Flash (Operational): 08.10.1.06

Type: PRIMARY

Licensed Cmd Set(s): Standard Feature Set

Gilles Dufour · ‎05-21-2007

your version of code does not have this problem.

You check insert a sniffer between the CSS and the ASA and see if the CSS correctly sends the GARP.

If yes, the problem is on the ASA.

If not, open a service request with the TAC and have the CSS troubleshooted.

Gilles.

Report Inappropriate Content · ‎11-27-2008

Hello,

I have exactly the same problem with 2xCSS11503, but instead an ASA I have a FWSM.

The CSS version is exactly the same. Was this a bug?

Please, can you share with us what was the solution to this issue?

Thank you.