9300 MAC Flapping on PACP

avilt · ‎03-16-2021

I have LACP defined as below and getting MAC flap on my switch. Pelase advise.

interface Port-channel10
interface Port-channel20

interface GigabitEthernet1/0/23
switchport mode trunk
channel-group 10 mode active
!
interface GigabitEthernet1/0/24
switchport mode trunk
channel-group 20 mode active

interface GigabitEthernet2/0/23
description PA01-4 EXT-TRUNK
switchport mode trunk
channel-group 10 mode active
!
interface GigabitEthernet2/0/24
description PA02-4 EXT-TRUNK
switchport mode trunk
channel-group 20 mode active

*Mar 16 16:52:41.022: %SW_MATM-4-MACFLAP_NOTIF: Host 001b.1700.0131 in vlan 310 is flapping between port Po20 and port Po10
*Mar 16 16:52:55.862: %SW_MATM-4-MACFLAP_NOTIF: Host 001b.1700.0131 in vlan 310 is flapping between port Po20 and port Po10
*Mar 16 16:53:13.881: %SW_MATM-4-MACFLAP_NOTIF: Host 001b.1700.0131 in vlan 310 is flapping between port Po10 and port Po20
*Mar 16 16:53:27.242: %SW_MATM-4-MACFLAP_NOTIF: Host 001b.1700.0131 in vlan 310 is flapping between port Po10 and port Po20

EXT-SW01#show switch stack-ports
Switch# Port1 Port2
----------------------------
1 OK OK
2 OK OK

Reza Sharifi · ‎03-16-2021

Hi,

Can you post the output of "sh etherc summ"

Also, are all these 4 ports connected to 2 PA firewalls?

Do you have a diagram showing how every port and device is connected?

HTH

avilt · ‎03-16-2021

port channel summary shows LACP formed properly.

My two PA clusters are in the same VLAN, maybe that's causing this issue. I will check keeping them in different vlan first

Reza Sharifi · ‎03-16-2021

This is an issue when connecting Cisco to another vendor's FWs like PA and Juniper.

Try connecting each switch to only one of the PAs using a single physical link (no portchannel) all in the same vlan. If you only have one 9300 switch, connect 2 physical interfaces (one to each firewall) in the same vlan and no Portchannel. Test again.

HTH