05-20-2020 02:40 PM
Hey folks, I hope I'm posting this correctly,
I have a single ASA 5510 with a simple port channel connecting to a pair of Nexus 3K's with a peer link between them. The 3K's are complaining of MAC flapping between the port channel interface and the physical interface connected to the first 3K. The MAC it's seeing is assigned to both the ASA port channel interface as well as the lowest interface of the ASA. I understand the ASA assumes the MAC of the lowest interface if one is not assigned. Is assigning a virtual MAC to the ASA port channel interface the fix for this? I can't find any documentation stating that's a requirement. Also, does the 3K require the port channel to be configured as a trunk even though this is just an access port?
Thanks - Brian.
05-21-2020 12:39 PM
So, final solution. Assigned vMAC to ASA port channel 1, set speed 1000 and duplex full on both sides, set channel group mode active on both sides. Port channel looks good on both ends. Thanks to everyone for all your input.
BTW: This ASA is running 9.1(7)29 code.
vPC status
----------------------------------------------------------------------------
id     Port        Status Consistency Reason                     Active vlans
------ ----------- ------ ----------- -------------------------- -----------
1      Po1         up     success     success                    2921
2      Po2         up     success     success                    2921
3      Po3         up     success     success                    1200
4      Po4         up     success     success                    1200
5      Po5         up     success     success                    2923
--------------------------------------------------------------------------------
Group Port-       Type     Protocol  Member Ports
      Channel
--------------------------------------------------------------------------------
1     Po1(SU)     Eth      LACP      Eth1/17(P)
2     Po2(SU)     Eth      LACP      Eth1/18(P)
3     Po3(SU)     Eth      LACP      Eth1/42(P)
4     Po4(SU)     Eth      LACP      Eth1/41(P)
5     Po5(SU)     Eth      LACP      Eth1/35(P)
05-20-2020 04:00 PM
Can you post the MAC flapping log, interface config and Po configuration to verify?
Also post the show vpc output.
05-20-2020 07:32 PM
05-21-2020 01:18 AM
Hi @Brian Reed
There is no requirement for vPC port-channels to be trunk. This looks like, most likely, a loop somewhere, or incorrect configuration or a bug.
What do you see on the second vPC peer from mac move perspective?
Also, is the vPC 5 up? Can you share from both vPC peer switches:
show vpc
show port-channel summary
Regards,
Sergiu
05-21-2020 11:16 AM
Agreed with @Georg Pauwen here, you cannot have a dual leg in a single vPC, some design issue here.
I was under the impression you have a cluster of ASAs.
05-21-2020 11:53 AM
05-21-2020 12:27 AM
Hello,
I could not find anything regarding the requirements for connecting a single ASA to multiple Nexus switches in a port channel, so manually assigning a MAC address might indeed be a remedy. Can you give that a try and report the results?