Cisco Support Community
New Member

NAC 4.1 bridge loop occurs when both CAS NICs enabled

I'm in the implementation phase of NAC 4.1.0.2 (OOB VGW with 3 HA CAS pairs and 1 HA CAM pair). I recently moved all 8 servers from a 2950 that I was using for testing to the 6509. Ever since, I've been experiencing an ARP storm when both eth0 and eth1 are plugged in on any of the second two CAS pairs. The trunk-allowed statements are all correct--they are pruning the vlans that are active on the other interface of that CAS.

I didn't experience any bridge loops when the servers were connected to the 2950.

6509 is running 12.2.18SXD7 and all interfaces are plugged into the same blade (only one copper blade in chassis).

Here's an example of a switch port config for both ends of the CAS on the 6509. 299 is the management VLAN for NAC.

[interface that CAS3, eth0 is attached]
description ***CCA CAS3 Trusted***
no ip address
switchport
switchport trunk allowed vlan 2-99,299
switchport mode trunk
no cdp enable

[interface that CAS3 eth1 is attached]
description ***CCA CAS3 Untrusted***
no ip address
switchport
switchport trunk allowed vlan 300-399
switchport mode trunk
no cdp enable

Any ideas?

Dave

8 REPLIES
Bronze

Re: NAC 4.1 bridge loop occurs when both CAS NICs enabled

Did you make sure you followed the guide step by step...

I faced this issue before, and you really had to unplug the trusted if until you finish and apply vlan mapping... otherwise you will most probably consider re-imaging the CAS...

Regards,

New Member

Re: NAC 4.1 bridge loop occurs when both CAS NICs enabled

Thanks for the info. I've been (incorrectly?) unplugging the UNtrusted nic while applying all of the vlan mappings. If I've been misreading all of those docs this entire time, I'm going to be really upset. I'll try unplugging the trusted instead of the untrusted and see if I have better results.

Thanks,

Dave

Bronze

Re: NAC 4.1 bridge loop occurs when both CAS NICs enabled

You will have to unplug the untrust, not the trust. You will use the trust interface to connect the CAS to the CAM...

Regards,

New Member

Re: NAC 4.1 bridge loop occurs when both CAS NICs enabled

In that case, that is what I have done... I even deleted the CAS pair out of the CAM and re-added it (with the untrusted side unplugged). No joy.

New Member

Re: NAC 4.1 bridge loop occurs when both CAS NICs enabled

Hey Dave,

Try setting each interface's native vlan to their own respective setting. CAS3 eth0 to native vlan 998, CAS3 eth1 to native vlan 999.

New Member

Re: NAC 4.1 bridge loop occurs when both CAS NICs enabled

I'll give that a shot this week. Thanks for the idea...

New Member

Re: NAC 4.1 bridge loop occurs when both CAS NICs enabled

I set the native vlans on the trusted side of all of the CASes and still get the same problem. The untrusted side doesn't really have a native vlan since clients get placed in about 40 different vlans, so I left that side unset.

Any other ideas?

Dave

New Member

Re: NAC 4.1 bridge loop occurs when both CAS NICs enabled

Hi Dave

Per documentation from Cisco, it says to configure the trusted/untrusted VGW (OOB/IB) CAS ports on different native vlans.
