Problems with bridging VLANs

Unanswered Question
Sep 14th, 2010

Hello,

I have another tricky thing:

Please see my example network design attached!

I have two VLANs (100 and 200). Normally, I would only have clients of type B and router interfaces in VLAN 200. The client traffic (originating in VLAN 100) has to go accross tha WAN optimizer, to get to their gateway 10.0.0.1, which is in VLAN 200. The purpose of this design is, to optimize traffic transparently. The WAN optimizer bridges between the two VLANs (it has an access port in each VLAN).

But there are clients, whose traffic must not be optimized (type A). So I decided to give the routers an address in VLAN 100. The traffic doesn't need to cross the WAN optimizer, because their gateway is in the same VLAN.

Now, users complain about speed problems. I think, one of the problems is, that the router subinterfaces (Fa0/1.100 and Fa0/1.200) share the same MAC address. As the VLANs are bridged, the MAC address will flap between two ports, I guess.

Please don't complain about my design I won't put the clients of type A into another VLAN, because then the different clients could not use the same switchports (which is required!).

Two questions:

a) What exactly is my problen?

b) How can I solve it?

My first approach to a solution is to deny a certain MAC address on a certain switchport. But which, and where?

Thanks a lot for your help!

Edit: The switch is a Cisco 2960 with one of the latest IOS.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rtjensen4 Tue, 09/14/2010 - 13:10

That shouldn't be an issue. The MACs are in different VLANs, so it should be OK.

On my 4507s, I use "mac address-table notification mac-move" to create a log entry when a mac moves. might be useful if that's what you think is happening.

Who's reporting slowness? People going through the WAN optimizer or people bypassing it?

sebastian.lemke Tue, 09/14/2010 - 23:23

rtjensen4 schrieb:

The MACs are in different VLANs, so it should be OK.

(...)

Who's reporting slowness? People going through the WAN optimizer or people bypassing it?

Yes, they are in different VLANs, but the WAN optimizer is bridging between these VLANs. It's like patching a crossover cable from an access port in VLAN 100 to an access port in VLAN 200.

On the switch, I see the following log message:

01:04:30: %RTD-1-ADDR_FLAP: FastEthernet0/2 relearning 40 addrs per min

Both types of users are complaining.

Any ideas?

rtjensen4 Wed, 09/15/2010 - 05:18

O ok. That does seem to be a pickle...

Thinking about it a bit more, if they're using the HSPR virtual IP, there shouldn't be a MAC problem in regards to the gateway address, HSPR assigns a virtual non-unique MAC for each group.

0000.0c07.ac, so if you're using HSRP group 20, MAC for the virtual IP would be: 0000.0c07.ac20.

Maybe there's an issue with the HSRP?

What does the output of the "Show standby" show? Do both routers see each other as active/standby?

sebastian.lemke Wed, 09/15/2010 - 07:04

The HSRP setup works fine (both routers see each other).

The HSRP virtual MAC addresses are unique for each group, but the HSRP hello packets do not use these MAC adresses. The hello packets use the physical MAC addresses of the appropriate interface. The physical MAC addresses are the same for each subinterface (Fa0/1.100 and Fa0/1.200) and you can't change them.

Actions

This Discussion

Related Content