GLBP+Portchannel problem

eyazhuk · ‎06-14-2018

Hello everybody, pending for advise.

Hardware layout:
Two 2851 routers, connected to stacked 3750 via cross-stack portchannel.
2851 work in router-on-a-stick configuration with several subinterfaces running GLBP.

Problem is: 2851 can ping each other, but don't see each other's GLBP hello packets.

They do send thise packets - I can see it via debug on 2851 and via packet capture made on server, connected to 3750 in the same VLAN. But don't get other's packets somehow.

I have created inbound ACL's on 2851 interfaces to see, if any packets recieved on port 3222, but no matches.

It ends with every 2851 as active GLBP router and virtual MAC flaspping on 3750:

Jun 14 19:17:53.525 CAS: %SW_MATM-4-MACFLAP_NOTIF: Host 0007.b402.0901 in vlan 521 is flapping between port Po23 and port Po24
Jun 14 19:18:08.541 CAS: %SW_MATM-4-MACFLAP_NOTIF: Host 0007.b402.0901 in vlan 521 is flapping between port Po23 and port Po24
Jun 14 19:18:23.540 CAS: %SW_MATM-4-MACFLAP_NOTIF: Host 0007.b402.0901 in vlan 521 is flapping between port Po23 and port Po24
Jun 14 19:18:39.361 CAS: %SW_MATM-4-MACFLAP_NOTIF: Host 0007.b402.0901 in vlan 521 is flapping between port Po24 and port Po23
Jun 14 19:18:54.377 CAS: %SW_MATM-4-MACFLAP_NOTIF: Host 0007.b402.0901 in vlan 521 is flapping between port Po24 and port Po23
Jun 14 19:19:09.359 CAS: %SW_MATM-4-MACFLAP_NOTIF: Host 0007.b402.0901 in vlan 521 is flapping between port Po24 and port Po23

Router configuration is identical except ip's (GLBP priority is identical too):

Software: C2800NM-ADVENTERPRISEK9-M, 12.4(25f), RELEASE SOFTWARE (fc2)

 interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 snmp ifindex persist
 channel-group 1
 !
 interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 snmp ifindex persist
 channel-group 1
 !
 interface Port-channel1
 no ip address
 no ip proxy-arp
 hold-queue 150 in
 !
 interface Port-channel1.521
 encapsulation dot1Q 521
 ip address 172.23.21.253 255.255.255.0
 no ip proxy-arp
 glbp 521 ip 172.23.21.1
 glbp 521 priority 50
 glbp 521 preempt delay minimum 120
 glbp 521 load-balancing host-dependent
 glbp 521 authentication md5 key-chain KEYCHAIN

3750 configuration for portchannel:

Software: C3750-ADVIPSERVICESK9-M, 12.2(46)SE, RELEASE SOFTWARE (fc2)

interface GigabitEthernet1/0/23
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,500-524,581,591,930
 switchport mode trunk
 switchport nonegotiate
 storm-control broadcast level bps 2m
 storm-control multicast level bps 20m
 storm-control action trap
 channel-group 23 mode on
 ! 
 interface GigabitEthernet2/0/23
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,500-524,581,591,930
 switchport mode trunk
 switchport nonegotiate
 storm-control broadcast level bps 2m
 storm-control multicast level bps 20m
 storm-control action trap
 channel-group 23 mode on
 ! 
 interface Port-channel23
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,500-524,581,591,930
 switchport mode trunk
 switchport nonegotiate
 snmp ifindex persist
 storm-control broadcast level bps 2m
 storm-control multicast level bps 20m
 storm-control action trap
 spanning-tree guard root

I can provide other configuration part, dumps, debug e.t.c if needed

paul driver · ‎06-15-2018

Hello

On the switchport interfaces of the two routers that are in trunks, allow ONLY vlan 521 and remove the stp root guard also

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

eyazhuk · ‎06-18-2018

Hi, Paul.

Unfortunately, it's not possible to remove other vlan's - it's a production configuration.

Previosly I had GLBP for all vlan's, but removed it from all except VLAN 521 cause of unstability, described above.

VLAN 521 is kind of not important, so I can proceed some experiments with it.

I will try removing STP guard, though.