4500-SUP-V shared mac-address issue....

Unanswered Question
May 22nd, 2008

I have the following issue with a 4506-SUP-V running 12.2(20)EW4.

This is the core switch giving access to internet through a router connected to one of its 10/100/1000Tx interfaces (an internet vlan).

In order to protect the inside network a firewall was inserted (in transparent mode) between this switch and the internet gateway. This part works fine.

In order to manage this firewall (asa5520) we are connecting the dedicated management interface to the same core switch in a management vlan. The problem is that we are having intermittent conectivity due to the fact that all interface Vlans and routed ports in the switch share the same mac-address. Therefore anytime the asa learns an ARP entry from the inside interface (internet vlan) it conflicts with the ARP learned from the management interface because both vlans (management, internet) share the same Mac-address in the switch.

I haven't found a command available to change the mac-address of one of this vlans. mac-address command its not available under interface configuration.

Does anybody know a workaround for this issue?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Edison Ortiz Thu, 05/22/2008 - 09:41

I'm afraid you are facing a limitation in the hardware. A workaround would be using SVI instead of routed ports where you can use the mac-address command.




javiercastro Thu, 05/22/2008 - 09:42

Then, there is not workaround, actually I'm using SVIs, the mac-address command is not available there also!!!

Edison Ortiz Thu, 05/22/2008 - 09:51

Argh !

I don't have a Cat4500 to test the command at the moment but I quickly tested on a Cat6500 which it worked.

Sorry for providing the misinformation. I guess there is no way to do what you want in the Cat4500.



javiercastro Fri, 05/23/2008 - 09:32

Well, I should probably try to manage it through the inside. I don't see any othe solution.

Many thanks


This Discussion