Here is the issue. We have two companies currently merging together. Each has a core switch architecture consisting of a 3750 Stack. Traditionally they would have been connected via a DMZ Firewall infrastructure, like so:
Company A LAN <> 3750-A-Stack <> Firewall A <> DMZ <> Firewall B <> 3750-B-Stack <> Company B LAN
The companies have introduced a direct uplink between the Stacks on a VLAN 400. Static routes point between the stacks for connectivity for various common services.
Company A LAN <> 3750-A-Stack <> 3750-B-Stack <> Company B LAN
Both routes between Company A & B are in place and services are being migrated via static routes. Each company has its separate EIGRP domain, and these are not redistributed into each other. All routing between the companies is conducted via static routes.
As part of the inter-company email service integration, there was a requirement to provide connectivity between Company A's Exchange Server and Company B's Exchange Server. This connection was to be provisioned via the Firewalls/DMZ network and NOT via the direct link.
Here are some useful addresses:
Company A VLAN 400 IP Address - 172.17.0.9/22
Company B VLAN 400 IP Address - 172.17.0.11/22
Company A Internal Firewall Address - 172.17.0.43/22
Company B Internal Firewall Address - 10.0.10.1/24
Company A Exchange Server - 172.17.1.30/22
Company B Exchange Server - 10.3.185.19/25
The following static route was applied on Company B's stack:
ip route 172.17.1.30 255.255.255.255 10.0.10.1
As soon as this static was introduced, devices on the Company A LAN began receiving conflicting ARP entries for the Company A Exchange Server.
Some were receiving the correct MAC address (i.e. AAAA.AAAA.AAAA), but some were receiving the following MAC address - f025.72b6.e145. This MAC address is the virtual MAC for VLAN400 on Company B's Switch Stack.
Vlan400 is up, line protocol is up
Hardware is EtherSVI, address is f025.72b6.e145 (bia f025.72b6.e145)
Description: Company A LAN
Internet address is 172.17.0.11/22
Removing the static route resolved the issue.
I would like to know what the best way of resolving this issue is. Is this a common proxy-arp issue? If so, will turning proxy-arp off on VLAN 400 on Company B's stack fix the issue? What impact will this have on other services? VLAN 400 is the main VLAN for Company A. Company B just uses an address on VLAN 400 for interconnectivity.
What's the best way to resolve this problem? Your help would be appreciated.
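Added example, not part of the original post: a simplified Python model of the standard proxy ARP decision (answer an ARP request when the best route to the target leaves through a different interface than the one the request arrived on), applied to the addresses above. The interface name "Vlan10" for the 10.0.10.0/24 firewall segment is an assumption, since the post does not name it.

```python
import ipaddress

# Constructed model of Company B's stack using the addresses in the post.
# Assumption: "Vlan10" is a hypothetical name for the 10.0.10.0/24 firewall
# segment; the post does not name that interface.
SVI_MAC = "f025.72b6.e145"       # Company B's Vlan400 SVI
SERVER_MAC = "AAAA.AAAA.AAAA"    # Company A Exchange Server (as in the post)
EXCHANGE_A = "172.17.1.30"

def build_routes(with_static):
    routes = [(ipaddress.ip_network("172.17.0.0/22"), "Vlan400"),  # connected
              (ipaddress.ip_network("10.0.10.0/24"), "Vlan10")]    # connected
    if with_static:
        # ip route 172.17.1.30 255.255.255.255 10.0.10.1 (next hop is on Vlan10)
        routes.append((ipaddress.ip_network("172.17.1.30/32"), "Vlan10"))
    return routes

def egress_interface(routes, target):
    """Longest-prefix match; returns the outgoing interface or None."""
    addr = ipaddress.ip_address(target)
    matches = [(net.prefixlen, ifc) for net, ifc in routes if addr in net]
    return max(matches)[1] if matches else None

def proxy_arp_reply(routes, target, rx_ifc, proxy_arp=True):
    """MAC the router answers with for an ARP request heard on rx_ifc, or None."""
    out = egress_interface(routes, target)
    # Proxy ARP answers only when the best route leaves via another interface.
    if not proxy_arp or out is None or out == rx_ifc:
        return None
    return SVI_MAC

def arp_responders(routes, target, proxy_arp=True):
    """All MACs a Vlan400 host can receive for target: real owner plus any proxy."""
    macs = {SERVER_MAC}
    proxy = proxy_arp_reply(routes, target, "Vlan400", proxy_arp)
    if proxy:
        macs.add(proxy)
    return macs

if __name__ == "__main__":
    for label, static, proxy in [("no static", False, True),
                                 ("static added", True, True),
                                 ("static, proxy ARP off", True, False)]:
        macs = arp_responders(build_routes(static), EXCHANGE_A, proxy)
        print(f"{label:24} -> {sorted(macs)}")
```

The third case models proxy ARP disabled on the VLAN 400 SVI (`no ip proxy-arp` in IOS); other hosts in 172.17.0.0/22 still match the connected route on Vlan400 and draw no proxy reply in any case.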