I have an address unknown flooding problem that I would like to solve without involving the server admin or hard-coding MAC addresses in switches.
A PIX is connected to a Cisco 4500 (layer 2 only) access switch and fronts an "outside" subnet that supports several servers. These servers back up to another server on the "inside" subnet of the PIX.
That "inside" subnet is one of several secondary subnets assigned to that VLAN and the VLAN is serviced by two upstream routers and an HSRP group.
When an "outside" device sends its backup data, the PIX sends it directly to the backup server since that server is on the same subnet as the PIX's "inside" address. But any reply from the backup server to the "outside" device being backed up goes through the backup server's default gateway, which is the HSRP address. Normally the router would send an ICMP redirect to the backup server instructing it to send the response to the PIX, but "ICMP redirect is disabled on interfaces with secondary IP address".
I could put a permanent MAC address in the switch's forwarding table for the backup server or ask the server admin to install a route for the PIX "outside" subnet, but I'd rather use the normal architected processes.
Can I/should I bypass the redirects disabled on interfaces with secondary addresses or have redirects sent for this (PIX "outside") network only? Or are there other options?