Network Tech II

Brad Sims

<div>
<div class="content wysiwyg-content">
I am trying to troubleshoot an issue we're having with Nexus 9000 switches and an ASA 5585 Firewall. &nbsp;Our network access control software is reporting a machine at an IP address of x.x.107.100. &nbsp;I can't ping that address from behind the firewall or on the user network.<br />
<br />
I looked at some packets from the firewall and my laptop, but just have a question about the Nexus packet flow.<br />
<br />
HSRP is enabled, and my laptop sends the packet to the destination mac 0000.0c07.ac01 (core switch HSRP MAC). &nbsp;Is the Nexus switch supposed to replace this MAC address with a physical MAC address? &nbsp;The firewall sees the packet coming from the active router's physical interface MAC. &nbsp;I thought from CCNA studies that the packet would use that virtual MAC and the HSRP router would sort out (load-balance) once it got the packet back?
</div>
</div>


I am trying to troubleshoot an issue we're having with Nexus 9000 switches and an ASA 5585 Firewall.  Our network access control software is reporting a machine at an IP address of x.x.107.100.  I can't ping that address from behind the firewall or on the user network.

I looked at some packets from the firewall and my laptop, but just have a question about the Nexus packet flow.

HSRP is enabled, and my laptop sends the packet to the destination mac 0000.0c07.ac01 (core switch HSRP MAC).  Is the Nexus switch supposed to replace this MAC address with a physical MAC address?  The firewall sees the packet coming from the active router's physical interface MAC.  I thought from CCNA studies that the packet would use that virtual MAC and the HSRP router would sort out (load-balance) once it got the packet back?

Possible HSRP issue on Nexus 9000 Series Switches

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

A switch is a device that filters and forwards packets of data between LAN segments. Switches operate at the data link layer or the network layer of the Open Systems Interconnection (OSI) Reference Model and therefore support any packet protocol. LANs that use switches to join segments are called switched LANs or, in the case of Ethernet networks, switched Ethernet LANs. A hub is a connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports; when a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.

Switches / Hubs

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.