Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1286
Views
5
Helpful
2
Replies

Cisco 3750 Stack to upstream ISP seperate Switches - MAC Flapping

Nicholas Beard
Level 1
Level 1

‎03-12-2012 05:36 AM - edited ‎03-07-2019 05:30 AM

Hi guys,

I have an issue with a Cisco 3750 switch stack which is connected to two seperate upstream Cisco 3750's which are administered by an ISP.  The ISP is experiencing MAC address flapping from one of my VLAN SVI's i am using to route traffic upstream.  Please see attached a diagram of the topology (put together very quickly).

%SW_MATM-4-MACFLAP_NOTIF: Host 1caa.0765.eac0 in vlan 3017 is flapping between port Gi1/0/48 and port Te1/0/2

%SW_MATM-4-MACFLAP_NOTIF: Host 1caa.0765.eac0 in vlan 3017 is flapping between port Te1/0/2 and port Gi1/0/48

%SW_MATM-4-MACFLAP_NOTIF: Host 1caa.0765.eac0 in vlan 3017 is flapping between port Gi1/0/48 and port Te1/0/2

%SW_MATM-4-MACFLAP_NOTIF: Host 1caa.0765.eac0 in vlan 3017 is flapping between port Gi1/0/48 and port Te1/0/2

%SW_MATM-4-MACFLAP_NOTIF: Host 1caa.0765.eac0 in vlan 3017 is flapping between port Te1/0/2 and port Gi1/0/48

Port Te1/0/2 is a ten gigabit trunk port connecting their two switches and ports Gi1/0/48 on both switches connect directly back to my switch stack.

I basically have been provided two connections from the ISP switches (ports Gi1/0/48 on both their switches) which are active/passive which i use to route traffic upstream.  My switches are configured as follows -

interface Port-channel1

switchport mode access

spanning-tree bpdufilter enable

spanning-tree bpduguard enable

interface FastEthernet1/0/24 (Connected to Gi1/0/48 ISP switch #1)

description *************

switchport mode access

mls qos vlan-based

channel-group 1 mode on

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree bpduguard enable

interface FastEthernet2/0/24 (Connected to Gi1/0/48 ISP switch #2)

description ****************

switchport mode access

mls qos vlan-based

channel-group 1 mode on

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree bpduguard enable

interface Vlan1

ip address 1.1.1.1 255.255.255.248

no ip redirects

service-policy input ****************

ip route 0.0.0.0 0.0.0.0 1.1.1.2

As you can see I utilise a VLAN SVI to route traffic to the upstream 1.1.1.2 (illustration only) IP.  As per the diagram of the topology attached, the ISP is receiving a MAC address flapping error confirming the SVI MAC address from my switch stack is being learnt on the trunk port connecting switch 1 and switch 2, and also the port (Gi1/0/48) directly connected to my switch stack. As these are all Layer 2 links essentially being passed upstream and then connected between the two ISP switches, we have a 3 way triangular loop formed.

What would be the best option to prevent this?

If I was to remove the port channel configuration from the two ports associated with the VLAN SVI, am i right in suggesting this would still form a layer 2 loop?  The two ports would still be a member of the SVI VLAN, and it is the VLAN MAC address which is being learnt by the two ISP switches on different interfaces.

Labels:
Preview file
33 KB
0 Helpful
2 Replies 2

AJ Cruz
Level 3
Level 3

‎03-15-2012 06:40 PM

I believe you have a couple issues with this. First, you're doing multi-chassis etherchannel which will not work (I'm assuming the ISP switches are not stacked or VSS).

You'll want to remove the etherchannel.

Also, you're filtering BPDUs which is fine as long as there are no L2 loops (same vlan spanning all 3 switches). If you need the loop and you cannot run STP with the provider you'll want to take a look at flex links.

Nicholas Beard
Level 1
Level 1
In response to AJ Cruz

‎03-19-2012 07:27 AM

Thanks for the response, we have indeed decided to progress with the Cisco Flex Link option.

You're input was very helpful.

Regards

Nick

0 Helpful
Customers Also Viewed These Support Documents