Hello,
facing an issue of one of my CX6405 in a VSX stack not receiving traffic to the switch itself.
VSX config is done between the two chassis, with an ISL (lag256) and a dedicated keepalived link into a dedicated VRF.
Each of them has a vlan interface (vlan 252) with an ip address.
villers01 - 192.168.130.15/24
villers02 - 192.168.130.16/24
Default gateway for both is : 0.0.0.0/0 via 192.168.130.1
In the same VLAN, we have a firewall ( the DG for the switch) with the ip : 192.168.130.1
From villers02 we can ping the DG
From villers01 we see that the packet arrives on the firewall, but no answer in the return.
The two chassis are behind a network managed by the service provider. They are connected to a CISCO Fabric.
Interface LAG 14 multi-chassis with 2 members :
- villers01 : 1/4/48
- villers02 : 1/4/48
VSX configuration on villers01 :
vsx
system-mac 00:00:00:02:02:02
inter-switch-link lag 256
role primary
keepalive peer 192.168.99.2 source 192.168.99.1 vrf KeepAlived
vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dns icmp-tcp lldp loop-protect-global mac-lockout mclag-interfaces neighbor ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global
ip route 0.0.0.0/0 192.168.130.1
VSX configuration on villers02:
vsx
system-mac 00:00:00:02:02:02
inter-switch-link lag 256
role secondary
keepalive peer 192.168.99.1 source 192.168.99.2 vrf KeepAlived
vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dns icmp-tcp lldp loop-protect-global mac-lockout mclag-interfaces neighbor ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global
ip route 0.0.0.0/0 192.168.130.1
We have on another site, exactly the same configuration. And we don't have this behaviour.
Only thinks that i can see is some differences into the routing table on VSX :
For the functional site :
**************************
herstal01 :
sw-chassis-her01# show vsx ip route
IPv4 Forwarding Routes
'[x/y]' denotes [distance/metric]
0.0.0.0/0, vrf default
via 192.168.140.1, [1/0], static on sw-chassis-her01
via 192.168.140.1, [1/0], static on sw-chassis-her02
192.168.140.0/24, vrf default
via vlan1700, [0/0], connected on sw-chassis-her01
via vlan1700, [0/0], connected on sw-chassis-her02
192.168.140.173/32, vrf default
via vlan1700, [0/0], local on sw-chassis-her01
192.168.140.174/32, vrf default
via vlan1700, [0/0], local on sw-chassis-her02
herstal 02 :
sw-chassis-her02# show vsx ip route
IPv4 Forwarding Routes
'[x/y]' denotes [distance/metric]
0.0.0.0/0, vrf default
via 192.168.140.1, [1/0], static on sw-chassis-her02
via 192.168.140.1, [1/0], static on sw-chassis-her01
192.168.140.0/24, vrf default
via vlan1700, [0/0], connected on sw-chassis-her02
via vlan1700, [0/0], connected on sw-chassis-her01
192.168.140.173/32, vrf default
via vlan1700, [0/0], local on sw-chassis-her01
192.168.140.174/32, vrf default
via vlan1700, [0/0], local on sw-chassis-her02
For the site with the issue :
villers01 :
sw-chassis-villers01# show vsx ip route
IPv4 Forwarding Routes
'[x/y]' denotes [distance/metric]
0.0.0.0/0, vrf default
via 192.168.130.1, [1/0], static on sw-chassis-villers02
192.168.130.0/24, vrf default
via vlan252, [0/0], connected on sw-chassis-villers01
192.168.130.15/32, vrf default
via vlan252, [0/0], local on sw-chassis-villers01
192.168.130.16/32, vrf default
villers02 :
sw-chassis-villers02# show vsx ip route
IPv4 Forwarding Routes
'[x/y]' denotes [distance/metric]
0.0.0.0/0, vrf default
via 192.168.130.1, [1/0], static on sw-chassis-villers01
192.168.130.0/24, vrf default
via vlan252, [0/0], connected on sw-chassis-villers02
192.168.130.15/32, vrf default
192.168.130.16/32, vrf default