Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1864
Views
0
Helpful
7
Replies

MAC flapping on Nexus 3K port channel and physical interface connected to ASA 5510 port channel

Go to solution
Brian Reed
Level 1
Level 1

‎05-20-2020 02:40 PM

Hey folks, I hope I'm posting this correctly,

I have a single ASA 5510 with a simple port channel connecting to a pair of Nexus 3K's with a peer link between them.  The 3K's are complaining of mac flapping between the port channel interface and the physical interface connected to the first 3K.  The MAC its seeing is assigned to both the ASA port channel interface as well as the lowest interface of the ASA.  I understand the ASA assumes the MAC of the lowest interface if one is not assigned.  Is assigning a virtual MAC to the ASA port channel interface the fix for this?  I can't find any documentation stating that's a requirement.  Also, does the 3K require the port channel to be configured as a trunk even though this is just an access port?

 

Thanks - Brian.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Brian Reed
Level 1
Level 1
In response to Georg Pauwen

‎05-21-2020 12:39 PM

So, final solution.   Assigned vMAC to ASA port channel 1, set speed 1000 and duplex full on both sides, set channel group mode active on both sides.  Port channel looks good on both ends. Thanks to everyone for all your input. 

BTW: This ASA is running 9.1(7)29 code.

vPC status

----------------------------------------------------------------------------

id     Port        Status Consistency Reason                     Active vlans

------ ----------- ------ ----------- -------------------------- -----------

1      Po1         up     success     success                    2921

2      Po2         up     success     success                    2921

3      Po3         up     success     success                    1200

4      Po4         up     success     success                    1200

5      Po5         up     success     success                    2923

 

--------------------------------------------------------------------------------

Group Port-       Type     Protocol  Member Ports

      Channel

--------------------------------------------------------------------------------

1     Po1(SU)     Eth      LACP      Eth1/17(P)

2     Po2(SU)     Eth      LACP      Eth1/18(P)

3     Po3(SU)     Eth      LACP      Eth1/42(P)

4     Po4(SU)     Eth      LACP      Eth1/41(P)

5     Po5(SU)     Eth      LACP      Eth1/35(P)

View solution in original post

0 Helpful
7 Replies 7

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎05-20-2020 04:00 PM

Can you post the MAC flapping Log and interface config and po configuraiton to verify.

 

also post show vpc out

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Brian Reed
Level 1
Level 1
In response to balaji.bandi

‎05-20-2020 07:32 PM

May 20 12:07:01 bhm-rsw-wan-01 %FWM-6-MAC_MOVE_NOTIFICATION: Host 7081.051d.deec in vlan 2923 is flapping between port Eth1/35 and port Po100
!Command: show running-config interface port-channel100
!Time: Wed May 20 13:54:56 2020

version 6.0(2)A8(4a)

interface port-channel100
speed 10000
description :: Trunk:VLAN#ALL: VPC-PEER-LINK :Po100:NoIP:bhm-rsw-wan-02 ::
switchport mode trunk
switchport trunk allowed vlan 1-1298,1300-4094
spanning-tree port type network
ip port access-group TAC in
vpc peer-link

bhm-rsw-wan-01# sho run int port-channel 5

!Command: show running-config interface port-channel5
!Time: Wed May 20 13:55:00 2020

version 6.0(2)A8(4a)

interface port-channel5
description :: Trunk:VLAN#2923: bhm-vpn-asa-01 :Po1 ::
switchport access vlan 2923
spanning-tree port type edge
vpc 5

bhm-rsw-wan-01# sho run int eth1/35

!Command: show running-config interface Ethernet1/35
!Time: Wed May 20 13:55:16 2020

version 6.0(2)A8(4a)

interface Ethernet1/35
speed 1000
description :: Access:VLAN#2923: BHM-VPN-ASA-1 :Eth0/0 ::
shutdown
switchport access vlan 2923
spanning-tree port type edge
channel-group 5 mode active

ON THE ASA 5510
interface Port-channel1
description Port-Channel to WAN-3K1 and WAN-3K2
nameif inside
security-level 100
ip address 192.168.127.57 255.255.255.248
!
interface Ethernet0/0
description Corp Network Facing Interface to WAN-3K1
channel-group 1 mode on
no nameif
no security-level
no ip address
bhm-vpn-asa1# sho run int e0/1
!
interface Ethernet0/1
description Corp Network Facing Interface to WAN-3K2
channel-group 1 mode on
no nameif
no security-level
no ip address

0 Helpful

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to Brian Reed

‎05-21-2020 01:18 AM

Hi @Brian Reed 

There is no requirement for vPC port-channels to be trunk. This looks like, most likely, a loop somewhere, or incorrect configuration or a bug.

What do you see on the second vPC peer from mac move perspective?

Also, is the vPC 5 up? Can you share from both vPC peer switches:

show vpc

show port-channel summary

 

Regards,

Sergiu

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Brian Reed

‎05-21-2020 11:16 AM

Agreed with @Georg Pauwen  here, you can not have dual leg in single vPC, some design issue here.

 

I was in impression you have Cluster of ASA

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Brian Reed
Level 1
Level 1
In response to balaji.bandi

‎05-21-2020 11:53 AM

Assigning a virtual mac to the port channel on the ASA fixed the mac flapping issue. VPC is still down though and I'm looking into that.
0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎05-21-2020 12:27 AM

Hello,

 

I could not find anything regarding the requirements for connecting a single ASA to multiple Nexus switches in a port channel, so manually assigning a MAC address might indeed be a remedy. Can you give that a try and report the results ?

0 Helpful

Go to solution
Brian Reed
Level 1
Level 1
In response to Georg Pauwen

‎05-21-2020 12:39 PM

So, final solution.   Assigned vMAC to ASA port channel 1, set speed 1000 and duplex full on both sides, set channel group mode active on both sides.  Port channel looks good on both ends. Thanks to everyone for all your input. 

BTW: This ASA is running 9.1(7)29 code.

vPC status

----------------------------------------------------------------------------

id     Port        Status Consistency Reason                     Active vlans

------ ----------- ------ ----------- -------------------------- -----------

1      Po1         up     success     success                    2921

2      Po2         up     success     success                    2921

3      Po3         up     success     success                    1200

4      Po4         up     success     success                    1200

5      Po5         up     success     success                    2923

 

--------------------------------------------------------------------------------

Group Port-       Type     Protocol  Member Ports

      Channel

--------------------------------------------------------------------------------

1     Po1(SU)     Eth      LACP      Eth1/17(P)

2     Po2(SU)     Eth      LACP      Eth1/18(P)

3     Po3(SU)     Eth      LACP      Eth1/42(P)

4     Po4(SU)     Eth      LACP      Eth1/41(P)

5     Po5(SU)     Eth      LACP      Eth1/35(P)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card