port Flapping

jahanzeb.feroze · ‎09-15-2015

I have set port channel in my switch Cisco 2960, and i receiving the following error since then,

Error: 40371: 5w2d: %SW_MATM-4-MACFLAP_NOTIF: Host e41f.13fc.7781 in vlan 1 is flapping between port Gi0/17 and port Gi0/15

Please guide me how to fix it, config of my switch is pasted below

Config:

version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname xxxxx
!
logging count
logging buffered informational
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
username nog1 secret 5 xxxxxxxxxxxxxxxxxxxxxxx
aaa new-model
aaa authentication login console-login local
aaa authentication login vty-login group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa accounting commands 15 default start-stop group tacacs+
!
aaa session-id common
clock timezone pst 5
system mtu routing 1500
ip subnet-zero
no ip source-route
no ip gratuitous-arps
!
no ip domain-lookup
ip domain-name cdcpak.com
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface Port-channel1
switchport trunk allowed vlan 1
switchport mode trunk
speed 1000
!
interface Port-channel2
switchport trunk allowed vlan 1
switchport mode trunk
speed 1000
!
interface GigabitEthernet0/1
description BA_DMZ (Assigned to Po1 for SMG purpose)
switchport trunk allowed vlan 1
switchport mode trunk
speed 1000
channel-group 1 mode active
!
interface GigabitEthernet0/2
description BA_DMZ (Assigned to Po1 for SMG purpose)
switchport trunk allowed vlan 1
switchport mode trunk
speed 1000
channel-group 1 mode active
!
interface GigabitEthernet0/3
switchport mode access
speed 100
duplex full
!
interface GigabitEthernet0/4
description BA_DMZ (Assigned to Po1 for SMG purpose)
switchport trunk allowed vlan 1
switchport mode trunk
speed 1000
channel-group 1 mode active
!
interface GigabitEthernet0/5
switchport mode access
speed 100
duplex full
!
interface GigabitEthernet0/6
switchport mode access
!
interface GigabitEthernet0/7
switchport mode access
!
interface GigabitEthernet0/8
description BA_DMZ (Assigned to Po1 for SMG purpose)
switchport trunk allowed vlan 1
switchport mode trunk
speed 1000
channel-group 1 mode active
!
interface GigabitEthernet0/9
switchport mode access
speed 100
duplex full
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
switchport mode access
speed 100
duplex full
!
interface GigabitEthernet0/12
switchport mode access
speed 100
duplex full
!
interface GigabitEthernet0/13
switchport mode access
speed 100
duplex full
!
interface GigabitEthernet0/14
description BA_DMZ (Assigned to Po2 for SMG purpose)
switchport trunk allowed vlan 1
switchport mode trunk
speed 1000
channel-group 2 mode active
!
interface GigabitEthernet0/15
description BA_DMZ (Assigned to Po2 for SMG purpose)
switchport trunk allowed vlan 1
switchport mode trunk
speed 1000
duplex full
channel-group 2 mode active
!
interface GigabitEthernet0/16
description BA_DMZ (Assigned to Po2 for SMG purpose)
switchport trunk allowed vlan 1
switchport mode trunk
speed 1000
channel-group 2 mode active
!
interface GigabitEthernet0/17
description BA_DMZ (Assigned to Po2 for SMG purpose)
switchport trunk allowed vlan 1
switchport mode trunk
speed 1000
channel-group 2 mode active
!
interface GigabitEthernet0/18
switchport mode access
duplex full
!
interface GigabitEthernet0/19
switchport mode access
duplex full
!
interface GigabitEthernet0/20
switchport mode access
shutdown
speed 100
duplex full
!
interface GigabitEthernet0/21
switchport mode access
media-type rj45
speed 100
duplex full
!
interface GigabitEthernet0/22
switchport access vlan 105
switchport mode access
shutdown
media-type rj45
speed 100
duplex full
!
interface GigabitEthernet0/23
switchport access vlan 105
switchport mode access
shutdown
media-type rj45
speed 100
duplex full
!
interface GigabitEthernet0/24
switchport trunk allowed vlan 99
switchport mode trunk
!
interface Vlan1
no ip address
no ip route-cache
!
interface Vlan99
ip address 10.x.x.x 255.255.255.0
no ip route-cache
!
no ip http server
ip tacacs source-interface Vlan99
logging 10.2.41.11
logging 10.1.24.81
logging 10.1.222.35
logging 10.2.8.144
access-list 10 permit 10.1.24.21
access-list 10 permit 10.1.26.27
access-list 10 permit 10.1.26.26
access-list 10 permit 10.25.2.26
access-list 10 permit 10.1.26.31
access-list 10 permit 10.2.41.11
access-list 10 permit 10.1.26.33
access-list 10 permit 10.1.26.32
access-list 10 permit 10.2.41.23
access-list 10 permit 10.2.40.24
access-list 10 permit 10.1.24.81
access-list 10 permit 10.1.222.35
access-list 10 deny any log
access-list 11 permit 10.2.41.11
access-list 11 permit 10.1.24.81
access-list 11 permit 10.2.8.144
access-list 11 permit 10.1.222.21
access-list 11 permit 10.1.222.20
access-list 11 permit 10.1.222.10
access-list 11 permit 10.1.222.35
access-list 11 deny any log
no cdp run
snmp-server community t3hz33b RO 11
snmp-server host 10.1.222.35 version 2c t3hz33b
snmp-server host 10.1.24.50 version 2c t3hz33b
snmp-server host 10.1.24.81 version 2c t3hz33b
snmp-server host 10.2.41.11 version 2c t3hz33b
snmp-server host 10.2.8.144 version 2c t3hz33b
tacacs-server host 10.2.8.133 key 7 08154D4205003142425D5C
tacacs-server host 10.1.160.15 key 7 08154D4205003142425D5C
tacacs-server directed-request
radius-server source-ports 1645-1646
!
control-plane
!
banner login ^C This network devi^C
!
line con 0
exec-timeout 15 0
logging synchronous
login authentication console-login
line vty 0 4
access-class 10 in
exec-timeout 15 0
logging synchronous
login authentication vty-login
line vty 5 15
access-class 10 in
exec-timeout 15 0
logging synchronous
login authentication vty-login
!
ntp authentication-key 1 md5 0034120D550E1F0721 7
ntp authenticate
ntp trusted-key 1
ntp clock-period 36029386
ntp server 10.1.222.100 key 1 source Vlan99 prefer
end

p.imre · ‎09-15-2015

There is some misconfiguration regarding the etherchannel:the speed and duplex settings of all member interfaces has to be identical. You should remove duplex full from Gi0/15. You can check the status of the etherchannel with the command show etherchannel summary.

jahanzeb.feroze · ‎09-15-2015

Ok i will try after removing the duplex, and will update incase problem is not solved.

LJ Gabrillo · ‎09-16-2015

Hi,

p.imre is also right, anyway, as long as the ports should have identical configuration that's why I asked you to add duplex full on g0/17 to have them consistent

Also, connected to your IBM? Is that a baremetal server or a Hypervisor deployed?
Make sure you have configured NIC Teaming on your server, you can't just connect your server to an etherchannel on the switch w/o configuring the peer device e.g., your server

So have you configured NIC Teaming on your server? If not, configure it, make sure to use LACP

jahanzeb.feroze · ‎09-16-2015

What is NIC Teaming? No idea about it.

LJ Gabrillo · ‎09-16-2015

To put it simply, it's a fancy name for etherchannel on the server side realm
Make sure you configure etherchannel as well on the server

If you can't configure them, remove the port channel configuration. If you dont, you will hvae performance issues not only on your network but also that IBM server of yours

jahanzeb.feroze · ‎09-16-2015

Oh you mean etherchannel should be configure on IBM servers also in order to remove this error, right ?

Else i will remove it from Switch also ?

LJ Gabrillo · ‎09-16-2015

Yes that's what we are trying to say

Anyway, configuring etherchannel always involves the peer devices being configured
There is no "Automatic" detection/negotiation of the ports.

The server doesn't automatically detect that the switch it's connected to is configured for etherchannel.

Any device whether switch, server, WLCs, routers to name a few always involves configuring BOTH peer devices, always. :D

jahanzeb.feroze · ‎09-16-2015

Ok , thanks a lot, will surely update after performing the suggested steps

LJ Gabrillo · ‎09-16-2015

Don't forget to rate our suggestions so everyone can see
additionally, this will mark this section answered/closed :D

jahanzeb.feroze · ‎09-21-2015

sure

jahanzeb.feroze · ‎09-29-2015

Problem didnt resolve after removing duplex on gig 0/15

jahanzeb.feroze · ‎09-29-2015

Issue didnt resolve after removing duplex full from gi0/5

Richard Bradfield · ‎09-15-2015

Hi Jahanzeb,

"port-channel load-balance src-dst-ip" global command, should stop the flapping unless the server has not been setup correctly for port channel.

see this link about port channel load balancing

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_53_se/configuration/guide/2960scg/swethchl.html#wp1445110

LJ Gabrillo · ‎09-15-2015

Before proceeding,

What devices are connected to ports g0/15 and g0/17? Can you verify,

Checking your config:

interface GigabitEthernet0/15
description BA_DMZ (Assigned to Po2 for SMG purpose)
switchport trunk allowed vlan 1
switchport mode trunk
speed 1000
duplex full
channel-group 2 mode active

and

interface GigabitEthernet0/17
description BA_DMZ (Assigned to Po2 for SMG purpose)
switchport trunk allowed vlan 1
switchport mode trunk
speed 1000
channel-group 2 mode active

interface Port-channel2
switchport trunk allowed vlan 1
switchport mode trunk
speed 1000

For consistency sake, can you configure the duplex as well on G0/17?

There might be a problem with the device that it's connected to
g0/15 and g0/17 should be connected to another device in w/c its ports are using LACP as well

If you connected this w/o configuring the peer device, you will have this kind of problem
and this problem is actually quite bad because this can cause a loop in your network e.g., 100% CPU Util on your switches (most likely not only this one)