10-30-2023 02:49 PM
Hi all,
I am experiencing an issue with STP trying to connect two gig ports of an ASR1006 to a couple 2960S switches for redundancy. The two 2960S are not stacked.
On the ASR1006 side the interfaces are bridged and configured as follows:
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id
interface GigabitEthernet0/1/7
no ip address
negotiation auto
service instance 1 ethernet
encapsulation untagged
bridge-domain 1
end
interface GigabitEthernet1/1/7
no ip address
negotiation auto
service instance 1 ethernet
encapsulation untagged
bridge-domain 1
end
interface BDI1
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
no ip redirects
no ip unreachables
no ip proxy-arp
ip access-group ACL-IPV4-ANTISPOOF-OUT in
cdp enable
no mop enabled
end
On the 2960S switches side the configuration is the following:
- switch 1
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree logging
spanning-tree extend system-id
spanning-tree vlan 1,500-503 priority 0
interface Port-channel1
description sw2-Po1
switchport trunk allowed vlan 1,500-503
switchport mode trunk
load-interval 30
spanning-tree link-type point-to-point
end
interface GigabitEthernet1/0/7
switchport access vlan 500
switchport mode access
load-interval 30
end
- switch 2
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree logging
spanning-tree extend system-id
spanning-tree vlan 1,500-503 priority 4096
interface Port-channel1
description sw1-Po1
switchport trunk allowed vlan 1,500-503
switchport mode trunk
load-interval 30
spanning-tree link-type point-to-point
end
interface GigabitEthernet1/0/7
switchport access vlan 500
switchport mode access
load-interval 30
end
The error I am facing is the following:
000353: Oct 30 19:08:00.201 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.5e00.0101 in vlan 500 is flapping between port Po1 and port Gi1/0/7
000354: Oct 30 19:08:00.274 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host aca0.16dd.d7c1 in vlan 500 is flapping between port Gi1/0/7 and port Po1
000355: Oct 30 19:08:00.274 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host c47d.4ff5.a479 in vlan 500 is flapping between port Po1 and port Gi1/0/7
000356: Oct 30 19:08:00.421 UTC: %SW_MATM-4-MACFLAP_NOTIF: Host f490.ea00.937e in vlan 500 is flapping between port Gi1/0/7 and port Po1
000357: Oct 30 19:08:02.916 UTC: %SYS-1-CPURISINGTHRESHOLD: Threshold: Total CPU Utilization(Total/Intr): 80%/28%, Top 3 processes(Pid/Util): 13/34%, 199/5%, 115/3%
Could someone please shed some lights on this question and point me to the right direction to solve the issue?
Solved! Go to Solution.
10-31-2023 08:08 AM
Hello @Mistery ,
either you remove the port channel between the two Cat 2960 or you connect only one port to the ASR 1006.
and be aware that BPDU filtering can only make the things worse! You have a bridging loop in Vlan 500.
The key point is that the ASR 1006 is not taking part in rapid PVST instance for VLAN 500 try to use 802.1Q trunk ports carrying vlan 500 instead of access ports but I am not sure it is enough to solve.
Hope to help
Giuseppe
10-31-2023 07:36 AM
the ASR is a router, not a switch, it will not participate in spanning-tree detection
BPDU's regeived within a bridge-group will be forwarded to other ports in the group,
but they are not "recognized"/treated as BPDU's, just forwarded
so the switch will receive it's own BPDU's sent from one and received on the other port connected to the ASR
10-31-2023 07:49 AM
Thank you for your answer, could you please elaborate more on this as I didn’t understand exactly what’s the point here, I know the asr is not a switch so how could I connect two physical bridged ports of the asr to 2 different 2960S preventing network loops? I assume the configuration of the 2960S is wrong however I also tried enabling/disabling BPDU filter on affected ports and the issue persists.
10-31-2023 08:08 AM
Hello @Mistery ,
either you remove the port channel between the two Cat 2960 or you connect only one port to the ASR 1006.
and be aware that BPDU filtering can only make the things worse! You have a bridging loop in Vlan 500.
The key point is that the ASR 1006 is not taking part in rapid PVST instance for VLAN 500 try to use 802.1Q trunk ports carrying vlan 500 instead of access ports but I am not sure it is enough to solve.
Hope to help
Giuseppe
10-31-2023 10:29 AM
Thank you Giuseppe, now this question is clearer to me, i will try your suggested solution of switching ports to trunk and removing the port channel between the two 2960S.
As a side question, stacking the two 2960S could solve the issue ? In this case I would replace the bridged interfaces on the asr with port channel and the ports on the switches side with MLACP. Would this solution be ok as well ?
11-02-2023 12:01 AM
Hello @Mistery ,
>> As a side question, stacking the two 2960S could solve the issue ? In this case I would replace the bridged interfaces on the asr with port channel and the ports on the switches side with MLACP. Would this solution be ok as well ?
Yes , stacking the two Cat 2960S is probably the best solution because it solves all the issues with STP making them a single device.
Hope to help
Giuseppe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide