
syslog message : %SW_MATM-4-MACFLAP_NOTIF

Hello,

I have the setup displayed in the attached diagram in production. The connection between the 6509 and the 2821 is a trunk and I have subinterfaces configured on the router side. The 6509 is connected to the 2960 with two access ports. The ports on the 2960 side are on the same vlan. The ports on the 6509 side are on different vlan corresponding to the subinterfaces on the 2821.

The issue I am having is that I keep getting the following in the console log of the 2960:

Dec  7 15:54:46: %SW_MATM-4-MACFLAP_NOTIF: Host XXXX.XXXX.XXXX in vlan 10 is flapping between port Fa0/17 and port Fa0/16

The mac address mentioned in the above syslog message is that of the Gi0/1 interface on the 2821. Also on the 6509 I have the following line of log:

Nov 26 16:59:29.351 : %SPANTREE-SP-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk FastEthernet3/27 VLAN31.
Nov 26 16:59:29.351 : %SPANTREE-SP-7-BLOCK_PORT_TYPE: Blocking FastEthernet3/27 on VLAN0031. Inconsistent port type.
Nov 26 16:59:44.346 : %SPANTREE-SP-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet3/27 on VLAN0031. Port consistency restored

Is this going to create a loop in the network? What can I do to solve this issue?

regards,

Abebe Amare - CCNP, CCNA (VOICE)


Hi,

Can you put something else than Visio files please because not everyone has got Visio.

Don't forget to rate helpful posts.

sorry, my bad.

I have attached the diagram in jpg format.


Can you post config of 2960 and 6509 please.

Regards.


Dear,

I have included only the interface configuration on both switches as well as on the 2821

Interface configuration on 6509

spanning-tree mode pvst

!

interface FastEthernet3/25
description Trunk-to-WAN-Router
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,30,31
switchport mode trunk
speed 100
duplex full
!
interface FastEthernet3/26
description connection to M
switchport
switchport access vlan 30
switchport mode access
!
interface FastEthernet3/27
description connection to Y
switchport
switchport access vlan 31
switchport mode access

Interface configuration on 2960 side

interface FastEthernet0/16
description Connection-to-M
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/17
description Connection-to-Y
switchport access vlan 10
switchport mode access

!

spanning-tree mode pvst

Configuration on 2821

interface GigabitEthernet0/1
no ip address
duplex full
speed 100
!        
interface GigabitEthernet0/1.30
description Connection to M
encapsulation dot1Q 30
ip address 172.16.xx.xx 255.255.255.252
!        
interface GigabitEthernet0/1.31
description Connection to Y
encapsulation dot1Q 31
ip address 172.16.xx.xx 255.255.255.248

regards,

Abebe A.


Hi,

I'd recommend configuring an etherchannel between the 6509 and the 2960. Follow the following guide:

http://www.cisco.com/en/US/tech/tk389/tk213/technologies_configuration_example09186a0080094689.shtml

This will create one logical port and will stop the issues you are seeing, plus utilise both ports and add redundancy.

Regards,


Jimmy


Abebe,

If I understood you correctly then yes, it could cause a loop.

You have your 6500 connected via two links to your 2960. I believe you mean that on the 2960 both links are configured as VLAN 10, while on the 6500 side the links are configured in two different VLANs. Configuring each end of the link to be in a different VLAN is really a bit of a hack; it can work in certain very specific situations, but is really not a good design choice. In your case it is likely causing the MAC flapping.

If you take a normal scenario where all four ports are in the same VLAN (say 10), let's say the 6500 is the root; he will put both of his ports in DESG FWD mode, while the 2960 will have one in ROOT and the other in BLK. So let's say the 6500 receives a packet destined to an unknown MAC and floods it out of both interfaces; the 2960 receives it on both interfaces, but will not populate its CAM entries on the BLK ports, so the MAC points to the root port.

If you have a VLAN mismatch, you may find both ports are in a FWDing state on the 2960, so the MAC will be learned on both interfaces or more specifically will flap between the two (different PVIDs in the BPDUs). This is not as big a problem as the potential for a loop, however. In addition, the error message on the 6500 seems to suggest one end of the link is a trunk and the other is an access, which would also be a configuration mistake.

Likely you want to configure the port as a trunk between the 6500 and the 2960, and put it into a port-channel.  If you could attach the config from the two ports on the 6500 and the two ports on the 2960 I can give you more specific feedback.

Also I am presuming that fa3/27 on the 6500 connects to one of the 2960's?

hth

Chris


Hi Chris,

Let me give you a detailed explanation of why I configured it as it is.

I have remote sites that connect to our main site using VSAT. The VSAT is mainly for GSM BTS backhaul. But on the VSAT network they have a memotec device which is kind of a compression and mux device (as much as I understood). There is one memotec device in the core network which connects to the linksys switch in my diagram. This memotec device does not support dot1q trunking and subinterfaces. On each remote memotec device we connect Cisco 871 routers to set up GRE tunnels to the 2821 in the core network (included in the diagram).

So in order to separate each remote network I set up sub interfaces on the 2821 router and configured the trunk to the 6509. The two ports connecting the 6509 to the 2960 are on the same vlan (on the 2960 side) as the memotec in the core network.

I can't make the ports on the 6509 side be in the same vlan because I want to have separate (L3) interfaces on the 2821 for each remote network. That was my original design.

best regards,

Abebe A.


Hi,

So you want VLAN10 for your vsat product but don't want it to appear on 6509, that's it?


My requirement was to have multiple sub interfaces on the 2821 side on different VLANs on the 6509 side to be able to communicate to the VSAT equipment. This is also because the router does not support two sub interfaces in the same VLAN.


cisabucho wrote:

My requirement was to have multiple sub interfaces on the 2821 side on different VLANs on the 6509 side to be able to communicate to the VSAT equipment. This is also because the router does not support two sub interfaces in the same VLAN.

True, but you could use a secondary IP address on the same sub interface of the 2821.

Chris


Abebe,

So is the link between the Linksys and the  2960 a trunk or an access?

Does the memotec device need to be in  multiple VLANs or just the one?


So I guess what you are doing is configuring all ports as access in VLAN 10 on the 2960 because you have no way of intelligently deciding at the memotec side which VLAN it should go into. In other words, treating everything as one VLAN from the 2960 down, and multiple VLANs from the 6500 up.

The 2960 sees both ports as in the same VLAN but the 6500 does not; as such the 6500 sends VLAN 30 traffic over one link, populating the CAM tables on the corresponding interface of the 2960, while the VLAN 31 traffic over the other link populates the 2960's CAM tables there. So providing the conversation is initiated (or at least responded to) at some point in the 6500 -> 2960 direction, your CAM tables, while technically wrong, will forward the VLAN 30 MAC addresses out of one link, and the VLAN 31 MAC addresses out of the other link. Is this what you are trying to achieve?

Which works in theory (although is an extremely complex way of doing things), but not if the same MAC address is used in multiple VLANs. This can happen in a variety of scenarios such as same HSRP group on multiple interfaces, or the fact the same MAC address is used on multiple L3 interfaces on a switch, which is likely what causes your MAC flapping. Although you could configure a static MAC address on each VLAN interface to avoid this (not possible on all platforms though). Also you need to keep in mind that PVST carries the PVID field in the TLV at the end of the BPDU, which is possibly where the err-disable reason comes from, so you may need to disable STP to keep the links forwarding constantly (but that is another can of worms right there).

I can't really understand why each memotec device would need to exist in multiple VLANs while not supporting dot1q tagging (or at least have multiple NIC/Interfaces).  So I think your main focus here is going to be to get the VLAN 30 devices connected to a VLAN 30 access port, and VLAN 31 access devices on a VLAN 31 access port (either on the linksys, or on the 2960).

Chris
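
Added example (not part of the original thread or any poster's code): a small model of per-VLAN source-MAC learning on the 2960, comparing the posted hybrid layout with the one-VLAN-per-Memotec trunk. The MAC value, the port-channel name Po1, and the pairing of Fa3/26 with Fa0/16 and Fa3/27 with Fa0/17 are assumptions; STP and CAM aging are ignored.

```python
# Added illustration (not from the thread): per-VLAN source-MAC learning on the 2960.
# ROUTER_MAC is a constructed placeholder for the 2821 Gi0/1 address, which both
# subinterfaces (Gi0/1.30 and Gi0/1.31) use as their source MAC.
ROUTER_MAC = "0000.5e00.5301"


class Switch:
    def __init__(self, access_vlan):
        self.access_vlan = access_vlan  # port -> access VLAN; unlisted ports are trunks
        self.cam = {}                   # (vlan, mac) -> port the MAC was last learned on
        self.flaps = []                 # (vlan, mac, old_port, new_port)

    def receive(self, port, src_mac, tag=None):
        # Access ports classify by port VLAN; trunk ports by the 802.1Q tag.
        vlan = self.access_vlan.get(port, tag)
        old = self.cam.get((vlan, src_mac))
        if old is not None and old != port:
            self.flaps.append((vlan, src_mac, old, port))
        self.cam[(vlan, src_mac)] = port


def replay(access_vlan, frames):
    sw = Switch(access_vlan)
    for port, tag in frames:
        sw.receive(port, ROUTER_MAC, tag)
    return sw


def hybrid_layout():
    # As posted: the 6509 ports in VLAN 30 and VLAN 31 are access ports, so frames
    # from the two subinterfaces arrive untagged on Fa0/16 and Fa0/17 (assumed
    # pairing), and the 2960 places both ports in VLAN 10.
    frames = [("Fa0/16", None), ("Fa0/17", None)] * 2
    return replay({"Fa0/16": 10, "Fa0/17": 10}, frames)


def trunk_layout():
    # One VLAN per Memotec over a single trunked port-channel (Po1 is an assumed
    # name): the tag keeps the two CAM entries for the same MAC apart.
    frames = [("Po1", 30), ("Po1", 31)] * 2
    return replay({}, frames)


if __name__ == "__main__":
    for name, sw in (("hybrid", hybrid_layout()), ("trunk", trunk_layout())):
        print(name, "flaps:", len(sw.flaps), "cam:", sw.cam)
```

In the hybrid layout every alternation between the two links rewrites the single VLAN 10 entry, which is the condition %SW_MATM-4-MACFLAP_NOTIF reports; in the trunk layout the same MAC has one entry per VLAN and never moves.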


Hi Chris,

Thank you for the very informative reply.

Sorry to give incorrect information before. For each remote site there is a corresponding memotec on the core site. I have included an updated diagram. The link between the linksys switch and the 2960 is an access port. The memotec device needs to be in just one vlan. Previously the 2821 was connected directly to the 2960. The whole issue of assigning multiple vlans on the 6509 side came after I was unable to configure multiple sub interfaces on the 2821 side with the same vlan tagging. If I have an alternative to this I will do it, but at the time that was the best I could come up with.

As a last resort I will decide to connect each memotec on to the 2960 on separate VLANs.

best regards,

Abebe A.


Abebe,

Gotcha. In that case either put everyone in one VLAN from the 6500 perspective, and use a secondary IP address on the subinterface of the 2821 (so you essentially have two network ranges mapped to one subint/vlan), or use one VLAN per memotec, then configure the linksys ports as access, and a trunk to the 2960, then an etherchanneled trunk from the 2960 to the 6K.

As a hybrid version of the two really won't work.

Good luck.

Chris


Hi Chris,

I want to thank you and the others who helped me on this case. I will implement your recommendation today after hours (I am in GMT+3 time zone).

best regards,

Abebe
