07-31-2013 09:57 PM - edited 03-07-2019 02:42 PM
Dear All,
I am facing a network connectivity issue in my internal network. More than 20 users are getting RTO in our inside network. When I checked the the core switch i got an error regarding MAC flapping issue. But I am little bit confused that every MAC address learned from WLC which is connected to my core switch(3750) on G0/15. when I checked the connectivity the MAC address are belongs to the physical PC but I don't understand why the same MAC address is learned through WLC also as I have already disable the wireless driver of the PC. Every MAC address learn through WLC as well as switch(2960) which is connected to core switch. Please find below error...
001126: Jul 29 05:10:07: %SW_MATM-4-MACFLAP_NOTIF: Host d067.e518.1fdf in vlan 1
00 is flapping between port Gi0/15 and port Gi0/6
001127: Jul 29 05:15:39: %DHCPD-4-PING_CONFLICT: DHCP address conflict: server
pinged 172.28.0.248.
001128: Jul 29 05:20:21: %SW_MATM-4-MACFLAP_NOTIF: Host d067.e518.1fdf in vlan 1
00 is flapping between port Gi0/15 and port Gi0/6
001129: Jul 29 05:21:22: %SW_MATM-4-MACFLAP_NOTIF: Host d067.e518.1fdf in vlan 1
00 is flapping between port Gi0/15 and port Gi0/6
001130: Jul 29 05:25:10: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1
00 is flapping between port Gi0/1 and port Gi0/15
001131: Jul 29 05:31:36: %SW_MATM-4-MACFLAP_NOTIF: Host d067.e518.1fdf in vlan 1
00 is flapping between port Gi0/15 and port Gi0/6
001132: Jul 29 05:35:11: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1
00 is flapping between port Gi0/15 and port Gi0/1
001133: Jul 29 05:35:17: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1
00 is flapping between port Gi0/15 and port Gi0/1
001134: Jul 29 05:41:39: %SW_MATM-4-MACFLAP_NOTIF: Host d067.e518.1fdf in vlan 1
00 is flapping between port Gi0/15 and port Gi0/6
001135: Jul 29 05:43:17: %DHCPD-4-PING_CONFLICT: DHCP address conflict: server
pinged 172.28.0.253.
001136: Jul 29 05:45:12: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1
00 is flapping between port Gi0/15 and port Gi0/1
001137: Jul 29 05:45:28: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1
00 is flapping between port Gi0/15 and port Gi0/1
001138: Jul 29 05:45:44: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1
00 is flapping between port Gi0/15 and port Gi0/1
001139: Jul 29 05:46:02: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1
00 is flapping between port Gi0/15 and port Gi0/1
001140: Jul 29 05:47:38: %DHCPD-4-PING_CONFLICT: DHCP address conflict: server
pinged 172.28.1.1.
001141: Jul 29 05:51:50: %SW_MATM-4-MACFLAP_NOTIF: Host d067.e518.1fdf in vlan 1
00 is flapping between port Gi0/6 and port Gi0/15
001142: Jul 29 05:55:16: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1
00 is flapping between port Gi0/15 and port Gi0/1
001143: Jul 29 05:55:31: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1
00 is flapping between port Gi0/15 and port Gi0/1
001144: Jul 29 05:57:52: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1
00 is flapping between port Gi0/15 and port Gi0/1
001145: Jul 29 06:00:36: %SW_MATM-4-MACFLAP_NOTIF: Host d067.e518.1fdf in vlan 1
00 is flapping between port Gi0/15 and port Gi0/6
001146: Jul 29 06:01:50: %SW_MATM-4-MACFLAP_NOTIF: Host d067.e518.1fdf in vlan 1
00 is flapping between port Gi0/15 and port Gi0/6
001147: Jul 29 06:02:39: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1
00 is flapping between port Gi0/15 and port Gi0/1
001148: Jul 29 06:03:11: %SW_MATM-4-MACFLAP_NOTIF: Host d067.e518.1fdf in vlan 1
00 is flapping between port Gi0/15 and port Gi0/6
001149: Jul 29 06:05:19: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1
00 is flapping between port Gi0/15 and port Gi0/1
001150: Jul 29 06:06:02: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1
00 is flapping between port Gi0/15 and port Gi0/1
Please somebody help me why is happening like this??????????
Regards,
Sanjib Pradhan
07-31-2013 10:02 PM
This happens if Etherchannel is not configured properly.
07-31-2013 10:12 PM
Etherchannel is not configured in our entire network. We have two core switch and they are connected with two links.
07-31-2013 10:25 PM
Spanning-tree loop will also cause this issue.
07-31-2013 10:33 PM
I have already cheched the configuartion and did not find any configuration issue, also spanning tree is running fine.so I don't think so. If u still believe plz provide me some command to detect spanning tree loops.
07-31-2013 10:36 PM
"show spanning-tree vlan 1" on both switches.
Sketch out on a piece of paper where is the root and which ports are forwarding.
07-31-2013 10:55 PM
------------------ show spanning-tree ------------------
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 4097
Address d867.d9c9.c700
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4097 (priority 4096 sys-id-ext 1)
Address d867.d9c9.c700
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Desg FWD 4 128.1 P2p
Gi0/2 Desg FWD 4 128.2 P2p
Gi0/3 Desg FWD 4 128.3 P2p
Gi0/4 Desg FWD 4 128.4 P2p
Gi0/5 Desg FWD 4 128.5 P2p
Gi0/6 Desg FWD 4 128.6 P2p
Gi0/7 Desg FWD 4 128.7 P2p
Gi0/9 Desg FWD 19 128.9 P2p Peer(STP)
Gi0/15 Desg FWD 4 128.15 P2p
Po1 Desg FWD 3 128.56 P2p
VLAN0016
Spanning tree enabled protocol rstp
Root ID Priority 4112
Address d867.d9c9.c700
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4112 (priority 4096 sys-id-ext 16)
Address d867.d9c9.c700
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Desg FWD 4 128.1 P2p
Gi0/2 Desg FWD 4 128.2 P2p
Gi0/3 Desg FWD 4 128.3 P2p
Gi0/4 Desg FWD 4 128.4 P2p
Gi0/5 Desg FWD 4 128.5 P2p
Gi0/6 Desg FWD 4 128.6 P2p
Gi0/7 Desg FWD 4 128.7 P2p
Gi0/9 Desg FWD 19 128.9 P2p Peer(STP)
Gi0/15 Desg FWD 4 128.15 P2p
Gi0/17 Desg FWD 4 128.17 P2p Edge
Po1 Desg FWD 3 128.56 P2p
VLAN0031
Spanning tree enabled protocol rstp
Root ID Priority 4127
Address d867.d9c9.c700
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4127 (priority 4096 sys-id-ext 31)
Address d867.d9c9.c700
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Desg FWD 4 128.1 P2p
Gi0/2 Desg FWD 4 128.2 P2p
Gi0/3 Desg FWD 4 128.3 P2p
Gi0/4 Desg FWD 4 128.4 P2p
Gi0/5 Desg FWD 4 128.5 P2p
Gi0/6 Desg FWD 4 128.6 P2p
Gi0/7 Desg FWD 4 128.7 P2p
Gi0/9 Desg FWD 19 128.9 P2p Peer(STP)
Gi0/15 Desg FWD 4 128.15 P2p
Po1 Desg FWD 3 128.56 P2p
VLAN0060
Spanning tree enabled protocol rstp
Root ID Priority 4156
Address d867.d9c9.c700
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4156 (priority 4096 sys-id-ext 60)
Address d867.d9c9.c700
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Desg FWD 4 128.1 P2p
Gi0/2 Desg FWD 4 128.2 P2p
Gi0/3 Desg FWD 4 128.3 P2p
Gi0/4 Desg FWD 4 128.4 P2p
Gi0/5 Desg FWD 4 128.5 P2p
Gi0/6 Desg FWD 4 128.6 P2p
Gi0/7 Desg FWD 4 128.7 P2p
Gi0/9 Desg FWD 19 128.9 P2p Peer(STP)
Gi0/15 Desg FWD 4 128.15 P2p
Po1 Desg FWD 3 128.56 P2p
VLAN0090
Spanning tree enabled protocol rstp
Root ID Priority 4186
Address d867.d9c9.c700
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4186 (priority 4096 sys-id-ext 90)
Address d867.d9c9.c700
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Desg FWD 4 128.1 P2p
Gi0/2 Desg FWD 4 128.2 P2p
Gi0/3 Desg FWD 4 128.3 P2p
Gi0/4 Desg FWD 4 128.4 P2p
Gi0/5 Desg FWD 4 128.5 P2p
Gi0/6 Desg FWD 4 128.6 P2p
Gi0/7 Desg FWD 4 128.7 P2p
Gi0/9 Desg FWD 19 128.9 P2p Peer(STP)
Gi0/11 Desg FWD 4 128.11 P2p Edge
Gi0/12 Desg FWD 4 128.12 P2p Edge
Gi0/13 Desg FWD 19 128.13 P2p Edge
Gi0/15 Desg FWD 4 128.15 P2p
Gi0/16 Desg FWD 4 128.16 P2p Edge
Gi0/20 Desg FWD 4 128.20 P2p Edge
Gi0/21 Desg FWD 4 128.21 P2p Edge
Gi0/22 Desg FWD 4 128.22 P2p Edge
Po1 Desg FWD 3 128.56 P2p
VLAN0100
Spanning tree enabled protocol rstp
Root ID Priority 4196
Address d867.d9c9.c700
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4196 (priority 4096 sys-id-ext 100)
Address d867.d9c9.c700
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Desg FWD 4 128.1 P2p
Gi0/2 Desg FWD 4 128.2 P2p
Gi0/3 Desg FWD 4 128.3 P2p
Gi0/4 Desg FWD 4 128.4 P2p
Gi0/5 Desg FWD 4 128.5 P2p
Gi0/6 Desg FWD 4 128.6 P2p
Gi0/7 Desg FWD 4 128.7 P2p
Gi0/9 Desg FWD 19 128.9 P2p Peer(STP)
Gi0/15 Desg FWD 4 128.15 P2p
Po1 Desg FWD 3 128.56 P2p
VLAN0110
Spanning tree enabled protocol rstp
Root ID Priority 4206
Address d867.d9c9.c700
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4206 (priority 4096 sys-id-ext 110)
Address d867.d9c9.c700
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Desg FWD 4 128.1 P2p
Gi0/2 Desg FWD 4 128.2 P2p
Gi0/3 Desg FWD 4 128.3 P2p
Gi0/4 Desg FWD 4 128.4 P2p
Gi0/5 Desg FWD 4 128.5 P2p
Gi0/6 Desg FWD 4 128.6 P2p
Gi0/7 Desg FWD 4 128.7 P2p
Gi0/9 Desg FWD 19 128.9 P2p
Gi0/15 Desg FWD 4 128.15 P2p
Po1 Desg FWD 3 128.56 P2p
VLAN0120
Spanning tree enabled protocol rstp
Root ID Priority 4216
Address d867.d9c9.c700
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4216 (priority 4096 sys-id-ext 120)
Address d867.d9c9.c700
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Desg FWD 4 128.1 P2p
Gi0/2 Desg FWD 4 128.2 P2p
Gi0/3 Desg FWD 4 128.3 P2p
Gi0/4 Desg FWD 4 128.4 P2p
Gi0/5 Desg FWD 4 128.5 P2p
Gi0/6 Desg FWD 4 128.6 P2p
Gi0/7 Desg FWD 4 128.7 P2p
Gi0/9 Desg FWD 19 128.9 P2p Peer(STP)
Gi0/15 Desg FWD 4 128.15 P2p
Po1 Desg FWD 3 128.56 P2p
VLAN0140
Spanning tree enabled protocol rstp
Root ID Priority 4236
Address d867.d9c9.c700
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4236 (priority 4096 sys-id-ext 140)
Address d867.d9c9.c700
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Desg FWD 4 128.1 P2p
Gi0/2 Desg FWD 4 128.2 P2p
Gi0/3 Desg FWD 4 128.3 P2p
Gi0/4 Desg FWD 4 128.4 P2p
Gi0/5 Desg FWD 4 128.5 P2p
Gi0/6 Desg FWD 4 128.6 P2p
Gi0/7 Desg FWD 4 128.7 P2p
Gi0/8 Desg FWD 4 128.8 P2p Edge
Gi0/9 Desg FWD 19 128.9 P2p
Gi0/10 Desg FWD 4 128.10 P2p Edge
Gi0/15 Desg FWD 4 128.15 P2p
Po1 Desg FWD 3 128.56 P2p
VLAN0160
Spanning tree enabled protocol rstp
Root ID Priority 4256
Address d867.d9c9.c700
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4256 (priority 4096 sys-id-ext 160)
Address d867.d9c9.c700
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Desg FWD 4 128.1 P2p
Gi0/2 Desg FWD 4 128.2 P2p
Gi0/3 Desg FWD 4 128.3 P2p
Gi0/4 Desg FWD 4 128.4 P2p
Gi0/5 Desg FWD 4 128.5 P2p
Gi0/6 Desg FWD 4 128.6 P2p
Gi0/7 Desg FWD 4 128.7 P2p
Gi0/9 Desg FWD 19 128.9 P2p Peer(STP)
Gi0/15 Desg FWD 4 128.15 P2p
Po1 Desg FWD 3 128.56 P2p
------------------ show etherchannel summary ------------------
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
1 Po1(SU) - Gi0/23(P) Gi0/24(P)
------------------ show ipc nodes ------------------
There is 1 node in this IPC realm.
ID Type Name Last Last
Sent Heard
0.10000 Local IPC Master 0 0
07-31-2013 10:58 PM
Your output is for all VLANs and only from one switch. "show spann vlan 1" please from both switches.
(and/or configs as Leo suggests)
07-31-2013 10:48 PM
We have two core switch and they are connected with two links.
Post the interface configs.
Etherchannel is not configured in our entire network.
Huh? If you don't have any Etherchannels then what is Po1?
07-31-2013 10:59 PM
------------------ show running-config ------------------
Building configuration...
Current configuration : 12820 bytes
!
! Last configuration change at 05:13:22 IST Thu Jul 25 2013 by mak
! NVRAM config last updated at 08:55:31 IST Fri Jul 26 2013 by mak
!
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service sequence-numbers
!
hostname Stringer01
!
boot-start-marker
boot-end-marker
!
logging buffered 50000
enable secret 5
!
username mak secret 5
username Corbus password 7
!
!
no aaa new-model
clock timezone IST 5 30
system mtu routing 1500
no ip source-route
ip routing
no ip dhcp relay information check
ip dhcp excluded-address 172.28.0.1 172.28.0.50
ip dhcp excluded-address 172.28.2.1 172.28.2.50
ip dhcp excluded-address 172.28.4.1 172.28.4.50
ip dhcp excluded-address 172.28.1.87
ip dhcp excluded-address 172.28.1.88
ip dhcp excluded-address 172.28.1.55
!
ip dhcp pool DATA-2
network 172.28.2.0 255.255.254.0
default-router 172.28.2.1
domain-name corbus.com
dns-server 172.29.0.116
!
ip dhcp pool VOICE
network 172.28.4.0 255.255.254.0
default-router 172.28.4.1
domain-name corbus.com
option 150 ip 172.29.0.202
dns-server 172.29.0.116
!
ip dhcp pool DATA-1
network 172.28.0.0 255.255.254.0
default-router 172.28.0.1
domain-name corbus.com
dns-server 172.29.0.116
lease 2
!
!
ip domain-name corbus.com
udld aggressive
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 70 30
mls qos srr-queue input threshold 1 80 90
mls qos srr-queue input priority-queue 2 bandwidth 30
mls qos srr-queue input cos-map queue 1 threshold 2 3
mls qos srr-queue input cos-map queue 1 threshold 3 6 7
mls qos srr-queue input cos-map queue 2 threshold 1 4
mls qos srr-queue input dscp-map queue 1 threshold 2 24
mls qos srr-queue input dscp-map queue 1 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue input dscp-map queue 1 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue input dscp-map queue 2 threshold 3 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 4 5
mls qos srr-queue output cos-map queue 2 threshold 1 2
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue output dscp-map queue 1 threshold 3 46 47
mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35
mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 1 100 100 50 200
mls qos queue-set output 1 threshold 2 125 125 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 150 50 200
mls qos queue-set output 1 buffers 15 25 40 20
mls qos
!
crypto pki trustpoint TP-self-signed-3653879552
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3653879552
revocation-check none
rsakeypair TP-self-signed-3653879552
!
!
crypto pki certificate chain TP-self-signed-3653879552
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33363533 38373935 3532301E 170D3933 30333031 30303031
31375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36353338
37393535 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B7EF B4BC8123 F4E1B488 598738C4 1855FFFD 0A501870 8701F151 75BB030C
AA26FC07 8CBCBF58 A0D6DAE2 6F059151 9A781513 F834D2A2 31822619 91A17474
9DABD1FD 803329C4 714E4664 98D45016 7C67DC3B 7EB3695E 7E434E7A A9649251
5D3E67AE 665E6B51 811BF1A8 8E7900D0 DA24EE14 9251BA4C C88D270C 936AE19F
9AAB0203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603
551D1104 19301782 15537472 696E6765 7230312E 636F7262 75732E63 6F6D301F
0603551D 23041830 16801438 370973AE E12748AA 2AA88A30 DE285513 8FF91630
1D060355 1D0E0416 04143837 0973AEE1 2748AA2A A88A30DE 2855138F F916300D
06092A86 4886F70D 01010405 00038181 000CD135 9D37C3B1 E2F2BB12 AC081F13
C7E31A6B F2EA906B 79194F7B 27FE18BD 84B9AB14 45684244 C21CE1EE B4A55120
06298634 ED9B1717 816E5C2B B253AC3D C574B98E 2F839314 3D862347 42FFAF4B
2A667B2B AD0D3D7F 4598A7BF 89510A83 0D0A21D9 8552454A 34BD93C1 3D803B77
5123E5B9 D1ABD22F 7A3DE99E 3E197EE4 E0
quit
!
spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 4096
auto qos srnd4
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig (STP)
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause pppoe-ia-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery cause small-frame
errdisable recovery interval 60
!
vlan internal allocation policy ascending
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
lldp run
!
!
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
shutdown
!
interface GigabitEthernet0/1
description "Connected to Tomhawk Access Switch"
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/2
description "Connected to Tomhawk Access Switch"
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/3
description "Connected to Tomhawk Access Switch"
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/4
description "Connected to Tomhawk Access Switch"
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/5
description "Connected to Tomhawk Access Switch"
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/6
description "Connected to Tomhawk Access Switch"
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/7
description "Connected to Tomhawk Access Switch"
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/8
description "Corbus FTP Server"
switchport access vlan 140
!
interface GigabitEthernet0/9
description "Connected to NSEZ P2P Link"
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
!
interface GigabitEthernet0/10
description "DMZ Port-Connected to ASA Gi0/2"
switchport access vlan 140
switchport mode access
no logging event link-status
no snmp trap link-status
spanning-tree portfast
!
interface GigabitEthernet0/11
description "EMC Storage Server SkyIN MGMT A"
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet0/12
description "EMC Storage Server SkyIN DATA A Primary"
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet0/13
description "EMC Storage Server SkyIN DATA A Secondry Ether"
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet0/14
switchport access vlan 90
switchport mode access
!
interface GigabitEthernet0/15
description "Connected to Wireless LAN Controller"
switchport trunk encapsulation dot1q
switchport trunk native vlan 90
switchport mode trunk
!
interface GigabitEthernet0/16
description "Connected to Harpoon ASA Firewall"
switchport access vlan 90
switchport mode access
no logging event link-status
no snmp trap link-status
spanning-tree portfast
!
interface GigabitEthernet0/17
switchport access vlan 16
switchport mode access
no logging event link-status
no snmp trap link-status
spanning-tree portfast
!
interface GigabitEthernet0/18
switchport access vlan 90
switchport mode access
no logging event link-status
no snmp trap link-status
spanning-tree portfast
!
interface GigabitEthernet0/19
switchport access vlan 90
switchport mode access
no logging event link-status
no snmp trap link-status
spanning-tree portfast
!
interface GigabitEthernet0/20
description "Uplink to ADC Agosta"
switchport access vlan 90
switchport mode access
no logging event link-status
no snmp trap link-status
spanning-tree portfast
!
interface GigabitEthernet0/21
description "CISCO VOICE GATEWAY ROUTER 2901"
switchport access vlan 90
switchport mode access
no logging event link-status
no snmp trap link-status
spanning-tree portfast
!
interface GigabitEthernet0/22
description "CISCO CALL MANAGER MCS SERVER"
switchport access vlan 90
switchport mode access
no logging event link-status
no snmp trap link-status
spanning-tree portfast
!
interface GigabitEthernet0/23
description "Trunk to Stringer02"
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
!
interface GigabitEthernet0/24
description "Trunk to Stringer02"
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
!
interface TenGigabitEthernet1/1
!
interface TenGigabitEthernet1/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan90
description MGMT
ip address 172.29.0.2 255.255.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
standby 90 ip 172.29.0.1
standby 90 priority 120
standby 90 preempt
!
interface Vlan100
description DATA-1
ip address 172.28.0.2 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
standby 100 ip 172.28.0.1
standby 100 priority 120
standby 100 preempt
!
interface Vlan110
description DATA-2
ip address 172.28.2.2 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
standby 110 ip 172.28.2.1
standby 110 priority 120
standby 110 preempt
!
interface Vlan120
description VOICE
ip address 172.28.4.2 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
standby 120 ip 172.28.4.1
standby 120 priority 120
standby 120 preempt
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.29.0.100
ip route 10.0.0.0 255.0.0.0 172.29.0.40
ip route 172.16.0.0 255.255.0.0 172.29.0.40
ip route 172.19.0.0 255.255.0.0 172.29.0.40
ip route 172.30.0.0 255.255.0.0 172.29.0.40
ip route 172.32.0.0 255.255.0.0 172.29.0.40
ip route 172.60.0.0 255.255.0.0 172.29.0.40
ip route 192.168.60.0 255.255.255.0 172.29.0.40
!
ip http server
ip http secure-server
!
ip sla enable reaction-alerts
!
snmp-server community
07-31-2013 11:00 PM
errdisable recovery cause bpduguard
OMFG! You have this turned on???
"Connected to Tomhawk Access Switch"
What device is connected from Gi 0/1 - Gi 0/7?
07-31-2013 11:04 PM
What is the effect of this command????????? Is it reqired to remove it???
07-31-2013 11:10 PM
Yes remove it by all means. It basically tells the switch to keep re-enabling any port that is breaking spanning-tree.
Personally I'd remove all the other errdisable recovery settings too. Someone has tried their hardest (and succeeded from the original post) to break the built-in safety features by disabling all of them.
Also, your ports connected to other switches should have:
no spanning-tree portfast
...since it is otherwise on due to the global default that has been set.
07-31-2013 11:12 PM
What is the effect of this command
BPDU Guard is your "guardian angel". It's one of the few mechanisms that's designed to save your network from an STP loop. This command "errdisable recovery cause bpduguard" basically tells the switch, if someone plugs a switch into the port, DON'T WORRY ABOUT IT AND RUN STP.
A good network operator will NEVER enable that command.
07-31-2013 11:04 PM
Yeah that's definitely not recommended.
Spanning-tree portfast is on by global default, it's not overridden on your trunk ports and then - adding insult to injury - that and all the other errdisable mechanisms are overridden.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide