cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
427
Views
0
Helpful
2
Replies

CAS Cluster Secondary cannot reach gateway

chrisgarcia99
Level 1
Level 1

I've got CAS applianaces I just upgraded to 4.6.1; issue was also present in 4.3.1. The CAS are configured in a L2 OOB configuration, with a management vlan. The management gateway is made up of 3 routers running hsrp.

The primary, non-service IP is always available via the network, when the device A is active. The secondary, device B, is sometimes not reachable from the gateway. If I attempt to ping the gateway from the secondary, I get ping timeouts; if I run an arp -a, the arp table shows the gateway is reachable via:

at 00:01:02:03:04:05 [ether] PERM on fake0

A show arp on the active hsrp router shows the correct mac for the secondary, but the secondary is not reachable, until I perform an extended ping on the active hsrp router, to the secondary, sourced as the hsrp standby ip address, the gateway.

Any ideas what's causing this, and how to resolve, so the secondary can always reach the gateway?

2 Replies 2

Faisal Sehbai
Level 7
Level 7

Chris,

This might be best tackled in a TAC case. What I can tell you though is that on the CAS the arp is not in the same place you'd expect. arp -a doesn't list the arp entries, but they're kept in separate tables for the internal and external interfaces.

Check out the /proc/click/intern_arpq/table for the untrusted side arp table and /proc/click/extern_arpq/table for the trusted interface's arp table.

HTH,

Faisal

Thanks,

I've opened a TAC case.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: