Forum Discussion

adiezma_1656
Dec 28, 2011

Problems about mac-masquerade implementation

Hi,

We suspect that we're having mac-masquerade problems on our Production F5.

Let me explain the problem:

1-We created a new vlan on our f5.

2-After this, we configured a mac-masquerade* on it.

3-Then, we configured a physical IP address (self-ips) and a floating one for this vlan.

4-Finally, we executed pings from a PC, placed on this new vlan, to the floating ip address, and it didn't work.

5-After testing several changes on F5 configuration, we changed the mac-masquerade, and..... surprise!!!!! it worked!!!!!....

6-Besides, we changed mac-masquerade again to the first mac-masquerade* and .....

it went on working!!!!

Would you mind helping us to find a reasonable explanation?....

Regards.

A. Diezma.

Additional clue: We executed "tcpdump" on F5 and we saw the message "....(oui known)"...or something like that. Sorry for the mess, but we couldn't capture the result of this command :-(

  • Hi,

    Which MAC address did you pick?

    sol7214: Configuring MAC masquerading
    http://support.f5.com/kb/en-us/solutions/public/7000/200/sol7214.html

    sol3523: Choosing a unique Media Access Control (MAC) address for MAC masquerade
    http://support.f5.com/kb/en-us/solutions/public/3000/500/sol3523.html

    Did you clear the ARP cache on connected switches when you enabled masquerading?

    Aaron
  • Mac-masquerade= 0:1:0:2:31:8

    Yes, we cleared the ARP cache on connected switches when you enabled masquerading.

    Best Regards
  • OUI unknown just indicates that the first half of the MAC address wasn't recognized by tcpdump. I don't think that is a factor in the issue.

    I imagine the best way to troubleshoot this would be to retry the process during a maintenance window. You could open a proactive case with F5 Support to have an engineer on a Webex while you test.

    Aaron