I'm running into a little issue on a Catalyst 6500 with a Supervisor 720-10G which previously used to work when I configured this on a Supervisor 720. We have an IPS module installed within a Catalyst 6500 and I would like to route traffic through the IPS. If the IPS fails, the routing protocol will redirect traffic a different way. The IPS is configured to bridge between a VLAN pair. One of the VLANs is configured as an SVI in the global routing table and the other SVI is configured as part of the VRF. Both VLANs are given an IP address within the same IP subnet. EIGRP is then run between two EIGRP processes, one defined in the global routing table and one defined within the VRF.
The problem I normally run into is that, as two VLANs are bridged together, both with a defined SVI interface, the interfaces cannot speak to each other as they have the same MAC address (as do all SVI interfaces on a 6500). I normally change the MAC address assigned to the SVI within the VRF to be a little different and everything works. The ARP table and mac-address table all show the change has worked, but there is no communication. EIGRP will not form an adjacency and you cannot ping between the two interfaces. The IPS works fine, as if I put a PC in the VLAN protected by the IPS (the VLAN with an SVI defined as part of the VRF) I can ping all the interfaces.
Does anybody have any idea why the two SVI interfaces cannot ping each other and why EIGRP will not come up? I'm convinced it's something to do with the way the MAC address is assigned to the SVI.
Quick config snippet:
ip vrf IPS
description unprotected vlan
ip address 192.168.0.1 255.255.255.0
description IPS protected vlan
ip vrf forwarding IPS
ip address 192.168.0.2 255.255.255.0
router eigrp 100
address-family ipv4 vrf IPS