Possible HSRP issue on Nexus 9000 Series Switches

Brad Sims, CCNA
Brad Sims, CCNA used Ask the Experts™
on
I am trying to troubleshoot an issue we're having with Nexus 9000 switches and an ASA 5585 Firewall.  Our network access control software is reporting a machine at an IP address of x.x.107.100.  I can't ping that address from behind the firewall or on the user network.

I looked at some packets from the firewall and my laptop, but just have a question about the Nexus packet flow.

HSRP is enabled, and my laptop sends the packet to the destination mac 0000.0c07.ac01 (core switch HSRP MAC).  Is the Nexus switch supposed to replace this MAC address with a physical MAC address?  The firewall sees the packet coming from the active router's physical interface MAC.  I thought from CCNA studies that the packet would use that virtual MAC and the HSRP router would sort out (load-balance) once it got the packet back?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Sr.Net.Eng
Top Expert 2011
Commented:
No that is correct. Traffic flow TOWARDS the hsrp group of devices will have a destination MAC of the Virtual Mac Address, but traffic flowing BACK to the end host or device communicating with the hsrp pair will have a source MAC address of the active HSRP device.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial