Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
801
Views
0
Helpful
6
Replies

4500 VSS Issue/Question

Go to solution
Ryan Curry
Level 1
Level 1

‎12-10-2013 12:06 PM - edited ‎03-07-2019 05:01 PM

So I've run into an issue where I have two 4500 VSS pairs attached to the same shared network segment (a MPLS/Metro Ethernet mesh).  Aside from these two devices, I have 8 other routers also on that segment which don't seem to be affected by this anomoly.  When I bring up the interfaces connected to that shared segment on both VSS switches, both sites start to drop packets and connectivity is horrible after the OSPF adjacency completes; when I shut down the link to the shared segment on either of the VSS switches everything goes back to normal.  I've also tested puting an internediary switch between the shared segment and one of the VSS switches and everything works as expected in that scenario.

What I realized is this: I have both of these VSS switches on virtual domain 1 and was wondering if this could be the cause of the issue.  Part of me thinks it shouldn't since the link to the shared segment is a L3 interface and, IMO, the VSS domain shouldn't play a part in the OSPF process (the other part of me says I shouldn't have two domain 1s on the segment).

My other thought is that I'm running into a bug and may need to update the code on one or both of the 4500 pairs.

Any insight into this matter is much appreciated!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Ryan Curry

‎12-10-2013 01:39 PM

Ryan

It may be a problem with the virtual mac address allocation. Have you got -

"mac-address use-virtual"

in your config. If you have the domain ID is used to generate unique mac addresses per VSS pair. If you do, see this link for workarounds -

http://www.labminutes.com/blog/2012/12/cisco-6500-vss-domain-id-and-virtual-mac-address

Jon

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎12-10-2013 12:56 PM

Ryan

How does the topology look ? Are you using etherchannels on the VSS switches to connect to the shared segment. If so then see this section from the 6500 VSS Campus design guide where it states that connecting VSS pairs together requires a separate domain ID -

http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/VSS30dg/VSS-dg_ch2.html#wp1055911

If this applies to your topology i would look to change the domain ID before upgrading the IOS.

Note - i appreciate it is the 6500 VSS guide but i suspect the same applies to the 4500.

Jon

0 Helpful

Go to solution
Ryan Curry
Level 1
Level 1
In response to Jon Marshall

‎12-10-2013 01:14 PM

Thanks for the reply Jon, these two VSS switches are attached to the PE switches via a single physical L3 copper interface so there is no MEC in that mix.  I'll check out the design guide and see if something jumps out at me.  I'm currently going through my inventory to see if I can find a few 4500s to conduct some testing with as well.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Ryan Curry

‎12-10-2013 01:33 PM

Ryan

these two VSS switches are attached to the PE switches via a single physical L3 copper interface so there is no MEC in that mix.

Yes that was what i was wondering. There may well be other protocols  that Cisco haven't mentioned in the design guide though, but they do seem to be mainly concerned with MEC.

Jon

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Ryan Curry

‎12-10-2013 01:39 PM

Ryan

It may be a problem with the virtual mac address allocation. Have you got -

"mac-address use-virtual"

in your config. If you have the domain ID is used to generate unique mac addresses per VSS pair. If you do, see this link for workarounds -

http://www.labminutes.com/blog/2012/12/cisco-6500-vss-domain-id-and-virtual-mac-address

Jon

0 Helpful

Go to solution
Ryan Curry
Level 1
Level 1
In response to Jon Marshall

‎12-10-2013 02:21 PM

Jon, you are a God among men - this is exacly my issue.  I validated by looking at the arp table from neighboring devices and sure enough they have the same address.  This totally explains the symptoms I was seeing.  I'm going to go into the non-critical site and change the domain number.

I GREATLY appreciate your input since I've been working this issue for the past two weeks.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Ryan Curry

‎12-10-2013 02:31 PM

Ryan

I think changing the domain ID is the right way to go because you never know what other problems it could cause down the line.

Glad to have helped.

Jon

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card