Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CEF-MLS problems on MSFC2 (Missing CEF entries)

We have various nodes on our network experiencing routing problems.

Reverse routed packets to various nodes are being passed to our Internet Firewall instead of the correct Vlan.

Taking a look at the CEF (show ip cef) table for MSFC1 the nodes experiencing the problems do not have their IP addresses in the CEF table.

Also we have missing Arp entries for the MSFC1's HSRP addresses in MSFC2. (We have implemented a temporary fix by running a batch file on the affected nodes to ping MSFC1's IP address for that subnet (not the HSRP address) to keep the CEF table populated.

Both our MSFC's are running IOS Version 12.1(4)E1

If I ping a non-existent node (ie not active) on a valid subnet being routed by our MSFC the packet is sent to our gateway of last resort (Internet Firewall)

Using tracert I would expect to see a time out once the packet hit the MSFC. I am, however, seeing a TTL expiration due to it going to the firewall.

If I ping a active device on that subnet it is correctly routed.

Anyone seen this problem.

I think it is similar to the bug report CSCdr35304 but want to be sure.

Regards

Barry Hart

1 REPLY
New Member

Re: CEF-MLS problems on MSFC2 (Missing CEF entries)

Hi Barry,

MSFC running 12.1.4E1 may run into this bug CSCds89040. You should upgrade to 12.1(8a)E5 definetly. If you have sup2, try 6.3(3).

105
Views
0
Helpful
1
Replies