A lot of Mac ... moved from interface1 to interface2 messages
We have the following setup:
A catalyst6500 12.2(33)SXI6 with a FWSM 3.2(18) and an ASA5585 8.4.3(9) connected, plus the same a second time with HSRP on the catalyst and Active/Standby on both firewalls.
The FWSM and ASA both have several contexts configured, all in transparent mode. Each context has a bridge group configured with two VLANs, called inside and outside on the firewall.
Since we have had the first contexts on the new ASA, we have had some short outages of all network traffic a few times a day. After searching through the firewall logs, I discovered an event 412001 at exactly that time with the MAC address of the SVI of the Catalyst. This always takes 30 seconds on the ASA. First the MAC is moved from outside (where it should be) to inside, and then after 30 seconds back to outside.
After I found that, I also checked the FWSM logs and actually found this error there as well. The only difference was that the FWSM takes under 1 second to move the MAC twice. Thus the users and systems don't register this issue.
I'm open to ideas now. I have now tried setting the mac-address-table timeout to 720 minutes on the ASA, just to see if that helps.
Some other information:
- the SVI on the Cat exists only for the outside (its HSRP IP is the clients' primary gateway)
- the SVI is in this example 1140
- the outside on the ASA is bound to vlan 1140, the inside to vlan 140
- vlan 1140 is only known to the Catalyst in the rest of the network
Here is an output of the Catalyst:
6509R-1250#sh mac add | inc 0000.0c07.ac00 !!!!!!!output filtered for only vlan 140 and 1140, Po100 is the connection to ASA