Hi All, Just came up against a bit of a weird issue and would appreciate some advice/input. Basic environment of two 3800s <c3845-advipservicesk9-mz.124-21a.> operating HSRP and plugging into a layer 2 switch network where servers connect (there are only 2-3 servers attached to two switches at the moment). On the face of it it looks like an ARP issue but unable to confirm and we cant even clear tables til until a maintenance window is arranged but obviously need to do some research. Base config on each 3800 is as follows: interface GigabitEthernet0/0/0.100 encapsulation dot1Q 100 ip vrf forwarding TEST ip address 192.168.23.13x 255.255.255.128 ip nat outside ip virtual-reassembly standby 3 ip 192.168.23.129 standby 3 priority xxx standby 3 preempt standby 3 track GigabitEthernet0/0.200 The issue were seeing is that dead IP addresses in the range is resolving to the same MAC of the HSRP active (the physical interface). Only three of these IP address are live on this VLAN (141-143 - servers are unable to see the network). Any ideas why: a) the interface is holding ARP entries (age is zero) for a large part of this subnet when no devices with these IP are on the network? b) CEF tables shows a (?) against the only ‘real’ server IP addresses on the network. Im assuming a dodgy ARP table will upset the CEF tables. This issue is causing connectivity problems to the servers on this subnet. Looks buggy to me J SydPrimary01#sh ip arp vrf TEST Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.23.250 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 10.220.80.33 125 0000.5e00.0165 ARPA GigabitEthernet0/0.231 Internet 10.220.80.46 - 0000.0c07.ac17 ARPA GigabitEthernet0/0.231 Internet 10.220.80..45 - 0023.0470.85c0 ARPA GigabitEthernet0/0.231 Internet 192.168.23.164 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.163 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.162 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.161 - 0023.0470..85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.160 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.154 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.153 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.152 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.151 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168..23.150 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.144 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.143 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.142 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.141 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.140 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.139 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.138 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.137 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.136 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.135 - 0023..0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.134 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.133 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.132 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.131 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.130 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.129 - 0000.0c07.ac17 ARPA GigabitEthernet0/0/0.100 Internet 192.168.23.128 - 0023.0470.85c3 ARPA GigabitEthernet0/0/0.100 SydPrimary01#sh int gi0/0/0 | i 0023.0470.85c3 Hardware is PM-3387, address is 0023.0470.85c3 (bia 0023.0470.85c3) NPMDS5DAWMDAR01#sh ip cef vrf TEST Prefix Next Hop Interface 0.0.0.0/0 10.220.80.33 GigabitEthernet0/0.231 0.0.0.0/8 drop 0.0.0.0/32 receive 10.136.191.0/24 192..168.23.150 GigabitEthernet0/0/0.100 10.220.80.32/28 attached GigabitEthernet0/0.231 10.220.80.32/32 receive 10.220.80.33/32 10.220.80.33 GigabitEthernet0/0.231 10.220.80.45/32 receive 10.220.80.46/32 receive 10.220.80.47/32 receive 10.220.194.141/32 192.168.23.141 (?) GigabitEthernet0/0/0.100 10.220.194.142/32 192.168.23.142 (?) GigabitEthernet0/0/0.100 10.220.194.143/32 192.168.23.143 (?) GigabitEthernet0/0/0.100 127.0.0..0/8 drop 192.168.23.128/25 attached GigabitEthernet0/0/0.100 192.168.23.128/32 receive 192.168.23.129/32 receive 192.168.23.130/32 receive 192.168.23.131/32 receive 192.168.23.132/32 receive 192.168.23.133/32 receive 192.168.23..134/32 receive 192.168.23.135/32 receive 192.168.23.136/32 receive 192.168.23.137/32 receive 192.168.23.138/32 receive 192.168.23.139/32 receive 192.168.23.140/32 receive 192.168.23.141/32 receive 192.168.23.142/32 receive 192.168.23.143/32 receive 192.168.23.144/32 receive 192.168.23.150/32 receive 192.168.23.151/32 receive 192.168.23.152/32 receive 192.168.23.153/32 receive 192.168..23.154/32 receive 192.168.23.160/32 receive 192.168.23.161/32 receive 192.168.23.162/32 receive 192.168.23.163/32 receive 192.168.23.164/32 receive 192.168.23.250/32 receive 192.168.23.255/32 receive 224.0.0.0/4 drop 224.0.0.0/24 receive 240.0.0.0/4 drop 255.255.255.255/32 receive SydPrimary01#sh ip cef vrf TEST 192.168.23.141 detail 192.168.23.141/32, version 50, epoch 0, receive Cheers, David
__________________________________________________________________________________ Find local businesses and services in your area with Yahoo!7 Local. Get started: http://local.yahoo.com.au _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/