Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3217
Views
0
Helpful
4
Replies

Split horizon configuration problem.

Go to solution
feableee123
Level 1
Level 1

‎09-02-2013 04:57 AM

Hello,

I have ASR 9000 and some wimax AP. There is problem with communication between client antenas ( hosts behind antenas).

Clients doesnt have problem with communication to Internet.

There are some Access Points - each one with different vlan, to make all clients cpe's work in one subnet I put off vlans on ASR subinterface

and bind all connections to route interface BVI1 - whitch have helper address configured to my dhcp server.

DHCP SERWER ---- (ASR 9k) - subinterfaces g0/1/0/1.10- ---- Wimax AP (vlan 10) - client CPE

                                                  -subinterfaces g0/1/0/1.11- ---- Wimax AP (vlan 11) - client CPE 

                                                  - subinterfaces g0/1/0/1.12- ---- Wimax AP (vlan 12) - client CPE                         

interface GigabitEthernet0/1/0/1.10 l2transport

encapsulation dot1q 10

rewrite ingress tag pop 1 symmetric

interface GigabitEthernet0/1/0/1.11 l2transport

encapsulation dot1q 11

rewrite ingress tag pop 1 symmetric

interface GigabitEthernet0/1/0/1.12 l2transport

encapsulation dot1q 12

rewrite ingress tag pop 1 symmetric

interface BVI1

ipv4 helper-address vrf default 192.168.100.1

ipv4 address x.x.x.x 255.255.252.0    ( 4 subnets, one mask and gateway)

l2vpn

bridge group Wireless

  bridge-domain w-max

   mac

    aging

     time 600

    !

   !

   interface GigabitEthernet0/1/0/1.10

    split-horizon group

interface GigabitEthernet0/1/0/1.11

    split-horizon group

interface GigabitEthernet0/1/0/1.12

    split-horizon group

routed interface BVI1

Strange is that with split-horizon configured cpe get IP address from  dhcp, without split horizon cpe cant connect to dhcp-serwer -strange,

with split-horizon cpe can get IP and has Internet access but cant connect to other cpe's.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
xthuijs
Cisco Employee
Cisco Employee
In response to feableee123

‎09-12-2013 12:26 PM

AC's in the SAME split horizon group can't talk to each other, so that is correctly working.

If 2 devices in the same subnet want to talk with each other, they will ARP for the other's address, since they are in teh same SHG, that arp is not seen from one host to another.

The gateway does receive the ARP but says, hmm in local subnet, I dont need to respond and this is also not for me anyway. So that is also correct.

What you may need to configure on the gateway intf is (local)proxy arp for the GW to respond to arp requests even if they are in the local subnet and even if they are not for him.

That way all sub to sub or AC to AC traffic will go via the gateway.

regards

xander

View solution in original post

0 Helpful
4 Replies 4

Go to solution
feableee123
Level 1
Level 1

‎09-03-2013 01:18 AM

I did some troubleshooting and found some interesting facts about configuration and how make it work - partly.

On all subinterfaces I have also configured mirroring - to log connections. The configuraiton is like below:

interface GigabitEthernet0/1/0/1.10 l2transport

encapsulation dot1q 10

rewrite ingress tag pop 1 symmetric

monitor-session monitor11 direction rx-only

interface GigabitEthernet0/1/0/1.11 l2transport

encapsulation dot1q 11

rewrite ingress tag pop 1 symmetric

monitor-session monitor11 direction rx-only

interface GigabitEthernet0/1/0/1.12 l2transport

encapsulation dot1q 12

rewrite ingress tag pop 1 symmetric

monitor-session monitor11 direction rx-only

I din`t mention it in previous configuration, I thought it has no meaning.

When It is configured - I cant ping or connect any device behind any subinterface ( still can connect Internet), when remove from interface and remove split-horizon - It Works.

Is that a bug? 

Still dont understand why hosts (with split-horizon) cant connect each other via gateway which is root in split horizon topology?

0 Helpful

Go to solution
xthuijs
Cisco Employee
Cisco Employee
In response to feableee123

‎09-12-2013 12:26 PM

AC's in the SAME split horizon group can't talk to each other, so that is correctly working.

If 2 devices in the same subnet want to talk with each other, they will ARP for the other's address, since they are in teh same SHG, that arp is not seen from one host to another.

The gateway does receive the ARP but says, hmm in local subnet, I dont need to respond and this is also not for me anyway. So that is also correct.

What you may need to configure on the gateway intf is (local)proxy arp for the GW to respond to arp requests even if they are in the local subnet and even if they are not for him.

That way all sub to sub or AC to AC traffic will go via the gateway.

regards

xander

0 Helpful

Go to solution
feableee123
Level 1
Level 1
In response to xthuijs

‎09-12-2013 11:46 PM

Thanks Alexander,

So if I understand correctly, only way hosts can talk with each other within one big subnet is:

- remove split-horizon 

- configure proxy-arp

I have also question about "bug" with port monitor feature when split-horizon is not configured:

When removing split-horizon, everything is working unless I configure monitor session on all Subinterfaces. When configured then there is no connection to hosts - strange.  But with split-horizon on and monitor session on everything is working.

Is that correct ?

0 Helpful

Go to solution
xthuijs
Cisco Employee
Cisco Employee
In response to feableee123

‎09-13-2013 05:59 AM

that is correct, either no split horizon to allow AC to AC connectivity or with split horizon you would need (local) proxy arp

for the gateway to provide an ARP response from one host to another that normally cant see each other due to SH.

the absence of SHG's and applying port monitor to span traffic should not affect your operation obviously.

I suspect arp punting or flooding being an issue, if this is a problem I would file a TAC case and have it investigated as this should work.

cheers!

xander

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents