cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
182
Views
0
Helpful
7
Replies
Highlighted
Beginner

MAC flapping on Nexus 3K port channel and physical interface connected to ASA 5510 port channel

Hey folks, I hope I'm posting this correctly,

I have a single ASA 5510 with a simple port channel connecting to a pair of Nexus 3K's with a peer link between them.  The 3K's are complaining of mac flapping between the port channel interface and the physical interface connected to the first 3K.  The MAC its seeing is assigned to both the ASA port channel interface as well as the lowest interface of the ASA.  I understand the ASA assumes the MAC of the lowest interface if one is not assigned.  Is assigning a virtual MAC to the ASA port channel interface the fix for this?  I can't find any documentation stating that's a requirement.  Also, does the 3K require the port channel to be configured as a trunk even though this is just an access port?

 

Thanks - Brian.

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Re: MAC flapping on Nexus 3K port channel and physical interface connected to ASA 5510 port channel

So, final solution.   Assigned vMAC to ASA port channel 1, set speed 1000 and duplex full on both sides, set channel group mode active on both sides.  Port channel looks good on both ends. Thanks to everyone for all your input. 

BTW: This ASA is running 9.1(7)29 code.

vPC status

----------------------------------------------------------------------------

id     Port        Status Consistency Reason                     Active vlans

------ ----------- ------ ----------- -------------------------- -----------

1      Po1         up     success     success                    2921

2      Po2         up     success     success                    2921

3      Po3         up     success     success                    1200

4      Po4         up     success     success                    1200

5      Po5         up     success     success                    2923

 

--------------------------------------------------------------------------------

Group Port-       Type     Protocol  Member Ports

      Channel

--------------------------------------------------------------------------------

1     Po1(SU)     Eth      LACP      Eth1/17(P)

2     Po2(SU)     Eth      LACP      Eth1/18(P)

3     Po3(SU)     Eth      LACP      Eth1/42(P)

4     Po4(SU)     Eth      LACP      Eth1/41(P)

5     Po5(SU)     Eth      LACP      Eth1/35(P)

View solution in original post

7 REPLIES 7
Highlighted
VIP Mentor

Re: MAC flapping on Nexus 3K port channel and physical interface connected to ASA 5510 port channel

Can you post the MAC flapping Log and interface config and po configuraiton to verify.

 

also post show vpc out

BB
*** Rate All Helpful Responses ***
Highlighted
Beginner

Re: MAC flapping on Nexus 3K port channel and physical interface connected to ASA 5510 port channel

May 20 12:07:01 bhm-rsw-wan-01 %FWM-6-MAC_MOVE_NOTIFICATION: Host 7081.051d.deec in vlan 2923 is flapping between port Eth1/35 and port Po100
!Command: show running-config interface port-channel100
!Time: Wed May 20 13:54:56 2020

version 6.0(2)A8(4a)

interface port-channel100
speed 10000
description :: Trunk:VLAN#ALL: VPC-PEER-LINK :Po100:NoIP:bhm-rsw-wan-02 ::
switchport mode trunk
switchport trunk allowed vlan 1-1298,1300-4094
spanning-tree port type network
ip port access-group TAC in
vpc peer-link

bhm-rsw-wan-01# sho run int port-channel 5

!Command: show running-config interface port-channel5
!Time: Wed May 20 13:55:00 2020

version 6.0(2)A8(4a)

interface port-channel5
description :: Trunk:VLAN#2923: bhm-vpn-asa-01 :Po1 ::
switchport access vlan 2923
spanning-tree port type edge
vpc 5

bhm-rsw-wan-01# sho run int eth1/35

!Command: show running-config interface Ethernet1/35
!Time: Wed May 20 13:55:16 2020

version 6.0(2)A8(4a)

interface Ethernet1/35
speed 1000
description :: Access:VLAN#2923: BHM-VPN-ASA-1 :Eth0/0 ::
shutdown
switchport access vlan 2923
spanning-tree port type edge
channel-group 5 mode active

ON THE ASA 5510
interface Port-channel1
description Port-Channel to WAN-3K1 and WAN-3K2
nameif inside
security-level 100
ip address 192.168.127.57 255.255.255.248
!
interface Ethernet0/0
description Corp Network Facing Interface to WAN-3K1
channel-group 1 mode on
no nameif
no security-level
no ip address
bhm-vpn-asa1# sho run int e0/1
!
interface Ethernet0/1
description Corp Network Facing Interface to WAN-3K2
channel-group 1 mode on
no nameif
no security-level
no ip address

Highlighted
Rising star

Re: MAC flapping on Nexus 3K port channel and physical interface connected to ASA 5510 port channel

Hi @Brian Reed 

There is no requirement for vPC port-channels to be trunk. This looks like, most likely, a loop somewhere, or incorrect configuration or a bug.

What do you see on the second vPC peer from mac move perspective?

Also, is the vPC 5 up? Can you share from both vPC peer switches:

show vpc

show port-channel summary

 

Regards,

Sergiu

Highlighted
VIP Mentor

Re: MAC flapping on Nexus 3K port channel and physical interface connected to ASA 5510 port channel

Agreed with @Georg Pauwen  here, you can not have dual leg in single vPC, some design issue here.

 

I was in impression you have Cluster of ASA

BB
*** Rate All Helpful Responses ***
Highlighted
Beginner

Re: MAC flapping on Nexus 3K port channel and physical interface connected to ASA 5510 port channel

Assigning a virtual mac to the port channel on the ASA fixed the mac flapping issue. VPC is still down though and I'm looking into that.
Highlighted
VIP Mentor

Re: MAC flapping on Nexus 3K port channel and physical interface connected to ASA 5510 port channel

Hello,

 

I could not find anything regarding the requirements for connecting a single ASA to multiple Nexus switches in a port channel, so manually assigning a MAC address might indeed be a remedy. Can you give that a try and report the results ?

Highlighted
Beginner

Re: MAC flapping on Nexus 3K port channel and physical interface connected to ASA 5510 port channel

So, final solution.   Assigned vMAC to ASA port channel 1, set speed 1000 and duplex full on both sides, set channel group mode active on both sides.  Port channel looks good on both ends. Thanks to everyone for all your input. 

BTW: This ASA is running 9.1(7)29 code.

vPC status

----------------------------------------------------------------------------

id     Port        Status Consistency Reason                     Active vlans

------ ----------- ------ ----------- -------------------------- -----------

1      Po1         up     success     success                    2921

2      Po2         up     success     success                    2921

3      Po3         up     success     success                    1200

4      Po4         up     success     success                    1200

5      Po5         up     success     success                    2923

 

--------------------------------------------------------------------------------

Group Port-       Type     Protocol  Member Ports

      Channel

--------------------------------------------------------------------------------

1     Po1(SU)     Eth      LACP      Eth1/17(P)

2     Po2(SU)     Eth      LACP      Eth1/18(P)

3     Po3(SU)     Eth      LACP      Eth1/42(P)

4     Po4(SU)     Eth      LACP      Eth1/41(P)

5     Po5(SU)     Eth      LACP      Eth1/35(P)

View solution in original post

CreatePlease to create content
Content for Community-Ad