Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
784
Views
2
Helpful
9
Replies

VLAN Flapping Between Ports - HSRP Configuration

aaronmcneil15
Level 1
Level 1

‎09-18-2023 05:07 AM

We have a system with 2 redundant Stratix 5410 switches are configured with hsrp. We have recently encountered what seems to be a widespread problem where if one of the switches get reset, we get constant port flapping errors that make our network unstable. If we shut one of the ports connecting the 2 5410s, the flapping issue goes away, only to reoccur as soon as the port is reenabled. Below is the VLAN, Spanning Tree and port configurations for the 2 switches. Any suggestions would be great.

Switch 1:

interface Vlan1
description Not Used
no ip address
shutdown
!
interface Vlan20
description Firewall LAN Transit
ip address 10.53.120.42 255.255.255.248
standby 19 ip 10.53.120.41
standby 19 timers 1 4
standby 19 priority 110
standby 19 preempt
!
interface Vlan30
description SCADA Management Gateway
ip address 10.53.123.2 255.255.255.0
standby delay minimum 30 reload 60
standby 30 ip 10.53.123.1
standby 30 timers 1 4
standby 30 priority 110
standby 30 preempt
!
interface Vlan101
description ESDNet Gateway
ip address 192.168.3.2 255.255.255.0
standby delay minimum 30 reload 60
standby 101 ip 192.168.3.1
standby 101 timers 1 4
standby 101 priority 110
standby 101 preempt
!
interface Vlan102
description RIONet Gateway
ip address 192.168.4.2 255.255.255.0
standby delay minimum 30 reload 60
standby 102 ip 192.168.4.1
standby 102 timers 1 4
standby 102 priority 110
standby 102 preempt
!
interface Vlan105
description SCP MCC Gateway
ip address 192.168.5.2 255.255.255.0
standby delay minimum 30 reload 60
standby 105 ip 192.168.5.1
standby 105 timers 1 4
standby 105 priority 110
standby 105 preempt
!
interface Vlan106
description UCP MCC Gateway
ip address 192.168.6.2 255.255.255.0
standby delay minimum 30 reload 60
standby 106 ip 192.168.6.1
standby 106 timers 1 4
standby 106 priority 110
standby 106 preempt
!
interface Vlan172
description ControlNet Gateway
ip address 10.53.122.2 255.255.255.0
standby delay minimum 30 reload 60
standby 172 ip 10.53.122.1
standby 172 timers 1 4
standby 172 priority 110
standby 172 preempt
!
interface Vlan173
no ip address
shutdown
!
interface Vlan999
no ip address
shutdown
!

interface Port-channel1
switchport trunk allowed vlan 20,30,101,102,105,106,172,173
switchport trunk native vlan 30
switchport mode trunk
end

interface TenGigabitEthernet1/27
description HSRP Link 1
switchport trunk allowed vlan 20,30,101,102,105,106,172,173
switchport trunk native vlan 30
switchport mode trunk
channel-group 1 mode active
end


interface TenGigabitEthernet1/28
description HSRP Link 2
switchport trunk allowed vlan 20,30,101,102,105,106,172,173
switchport trunk native vlan 30
switchport mode trunk
channel-group 1 mode active
end

spanning-tree mode mst
spanning-tree loopguard default
spanning-tree portfast edge bpduguard default
spanning-tree portfast edge bpdufilter default
spanning-tree extend system-id
spanning-tree mst hello-time 1
spanning-tree mst forward-time 4
spanning-tree mst max-age 12
spanning-tree mst 0-3 priority 4096
spanning-tree vlan 20,30,101-102,105-106,172-173 priority 4096
spanning-tree vlan 20,30,101-102,105-106,172-173 hello-time 1
spanning-tree vlan 20,30,101-102,105-106,172-173 forward-time 4
spanning-tree vlan 20,30,101-102,105-106,172-173 max-age 12

Switch # 2:

interface Vlan1
description Not Used
no ip address
shutdown
!
interface Vlan20
description Firewall LAN Transit
ip address 10.53.120.43 255.255.255.248
standby 19 ip 10.53.120.41
standby 19 timers 1 4
standby 19 priority 90
standby 19 preempt
!
interface Vlan30
description SCADA Management Gateway
ip address 10.53.123.3 255.255.255.0
standby delay minimum 30 reload 60
standby 30 ip 10.53.123.1
standby 30 timers 1 4
standby 30 priority 90
standby 30 preempt
!
interface Vlan101
description ESDNet Gateway
ip address 192.168.3.3 255.255.255.0
standby delay minimum 30 reload 60
standby 101 ip 192.168.3.1
standby 101 timers 1 4
standby 101 priority 90
standby 101 preempt
!
interface Vlan102
description RIONet Gateway
ip address 192.168.4.3 255.255.255.0
standby delay minimum 30 reload 60
standby 102 ip 192.168.4.1
standby 102 timers 1 4
standby 102 priority 90
standby 102 preempt
!
interface Vlan105
description SCP MCC Gateway
ip address 192.168.5.3 255.255.255.0
standby delay minimum 30 reload 60
standby 105 ip 192.168.5.1
standby 105 timers 1 4
standby 105 priority 90
standby 105 preempt
!
interface Vlan106
description UCP MCC Gateway
ip address 192.168.6.3 255.255.255.0
standby delay minimum 30 reload 60
standby 106 ip 192.168.6.1
standby 106 timers 1 4
standby 106 priority 90
standby 106 preempt
!
interface Vlan172
description ControlNet Gateway
ip address 10.53.122.3 255.255.255.0
standby delay minimum 30 reload 60
standby 172 ip 10.53.122.1
standby 172 timers 1 4
standby 172 priority 90
standby 172 preempt
!
interface Vlan173
no ip address
shutdown
!
interface Vlan999
no ip address
shutdown
!

interface Port-channel1
switchport trunk allowed vlan 20,30,101,102,105,106,172,173
switchport trunk native vlan 30
switchport mode trunk
end

interface TenGigabitEthernet1/27
description HSRP Link 1
switchport trunk allowed vlan 20,30,101,102,105,106,172,173
switchport trunk native vlan 30
switchport mode trunk
channel-group 1 mode active
end


interface TenGigabitEthernet1/28
description HSRP Link 2
switchport trunk allowed vlan 20,30,101,102,105,106,172,173
switchport trunk native vlan 30
switchport mode trunk
channel-group 1 mode active
end

spanning-tree mode mst
spanning-tree loopguard default
spanning-tree portfast edge bpduguard default
spanning-tree portfast edge bpdufilter default
spanning-tree extend system-id
spanning-tree mst hello-time 1
spanning-tree mst forward-time 4
spanning-tree mst max-age 12
spanning-tree mst 0-3 priority 8192
spanning-tree vlan 20,30,101-102,105-106,172-173 priority 8192
spanning-tree vlan 20,30,101-102,105-106,172-173 hello-time 1
spanning-tree vlan 20,30,101-102,105-106,172-173 forward-time 4
spanning-tree vlan 20,30,101-102,105-106,172-173 max-age 12

Labels:
0 Helpful
9 Replies 9

marce1000
VIP
VIP

‎09-18-2023 05:13 AM

 

 - Configure a central syslog server on the stratix and the cisco switches ; examine logs arriving on it when these issues start ; 
                                                                  You may get more insights , 

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

aaronmcneil15
Level 1
Level 1
In response to marce1000

‎09-18-2023 05:17 AM

Attached is a screenshot of the switch logs as the issue is happening.

Preview file
187 KB
0 Helpful

aaronmcneil15
Level 1
Level 1

‎09-18-2023 06:05 AM

Question to anyone who might know, should I have the Standby Preempt statement in both switches, or only the one I wish to be primary?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to aaronmcneil15

‎09-18-2023 06:38 AM

Assuming that you care about which switch is primary when both switches are active then preempt is important on the primary switch. That means that if there was some problem, the primary failed for some reason, the other switch became the active HSRP peer, the original primary switch comes back into service, the primary switch can become the active peer. Without preempt the "primary" switch would not become the active peer.

Since there is not anything in your config that would lower the priority of the primary then there is no benefit in configuring preempt on the secondary switch.

HTH

Rick
0 Helpful

aaronmcneil15
Level 1
Level 1
In response to Richard Burts

‎09-18-2023 11:59 AM

If preempt is present on both switches, could that cause problems if the primary switch would lose power temporarily? We see the port flapping issue when the primary switch is rebooted.

Richard Burts
Hall of Fame
Hall of Fame
In response to aaronmcneil15

‎09-18-2023 05:53 PM

If preempt were present on both switches it would not cause any problem. To re-phrase my previous response - having preempt on the secondary switch will do not harm, but it also will not provide any benefit. So my suggestion is to keep things simple where we can and not put preempt on the secondary switch.

HTH

Rick
0 Helpful

MHM Cisco World
VIP
VIP
In response to aaronmcneil15

‎09-18-2023 10:44 PM

Preempt with delay 

Or 

EEM shutdown the port 

Can solve issue.

0 Helpful

paul driver
VIP
VIP

‎09-18-2023 11:46 PM

Hello
spanning-tree portfast edge bpdufilter default < wow!!!!  I would remove this ASAP , it can cause you all sorts of problems, including the one you are experiencing now.

Also your running mst spanning-tree, but you are have vlan priority's not relating to mst mode and are manually pruning the switch trunks however MST is per-instance NOT per-vlan so you shouldn't be pruning the trunks
 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

BrianSekleckiGE
Level 1
Level 1

‎09-19-2023 12:22 AM

I was going to ask you if you were also running (but not shown /exempted from your config) if you were also running PRP (using these IE4000/Stratix 5400's as a PRP Redbox).

Because STP doesn't run on PRP interfaces, one has to ensure that VLANs being sent to a PRP do not transit over the ISL/Dot1Q Trunk between the Switches/Redboxes.  This would be accomplished with a very selective "switchport trunk allowed vlans [X]" statement.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card