08-16-2013 11:29 AM
Has anyone successfully used an MLX in a one-armed routing configuration? With a recent change we've run into problems that don't seem like they should be occurring.
So we have the following setup:
MLX-1 ------- MLX-2 ------- FCX------Firewall
building 1 -----building 2 ----- building 3
The MLX systems have VEs set up for VLANs associated with that building and VRRP-E VEs set up for VLANs that exist in both buildings.
The FCX system is not doing any routing nor does it have interfaces beyond its management interface.
Dirt simple static routing, all done by the MLXes, except for internet traffic which goes to our main firewall, and things destined for 10.88.8.0/24, which go to an internal use firewall that is connected to the FCX.
Traffic going from anything in building 1 or 2 can get to anywhere. Traffic going from things connected to the FCX can talk to anything EXCEPT for
Things connected to the FCX mostly have IP addresses in VLANs that have interfaces on the MLXes. Those systems and systems that are behind the firewall have the problem. Communication that ends up going out the FCX so that it can reach the MLX and be routed back to the FCX and sent to the firewall that is connected to the FCX and on to its destination doesn't function.
It's a limited problem, but still a pretty huge problem.
Anyone know if there's a command I'm missing here or any idea of what's happening? Is one of the systems doing some sort of loop detection that isn't working out the way I suspect it should?
Interestingly and confoundingly, it all works fine when there's a Cisco 4500 with the VLANs tagged on it (no interfaces on those VLANs) between the MLX-2 and the FCX.