06-24-2024 02:13 AM
Hello,
I have N5K-C5548P and configured keepalive link between 2 SWs ,, as L3 then I got an issue,, after troubleshooting and search, the solution was either install LAN_BASE_SERVICES_PKG license or L2 Interface mit int vlan ,,, I did the second option and got flapping
2024 Jun 6 12:17:47 SW-B %FWM-6-MAC_MOVE_NOTIFICATION: Host 547f.ee25.xxxx in vlan 123 is flapping between port Eth1/9 and port Po1
For sure, due to the loop
HYG the config:::
interface Ethernet1/9
description VPC KEEPALIVE
switchport access vlan 123
speed 1000
!
interface port-channel1
description vPC-PeerLink
switchport mode trunk
no lacp suspend-individual
spanning-tree port type network
speed 1000
service-policy type qos input PM-QOS-TRUST
vpc peer-link
!
interface Vlan123
no shutdown
vrf member keepalive
ip address 10.0.0.2/30
06-24-2024 02:26 AM
it simple
remove VLAN 123 from Peer Link
switchport trunk allowed vlan remove 123
this VLAN use only as keepalive not as vpc VLAN
MHM
06-24-2024 02:32 AM - edited 06-24-2024 02:40 AM
I have done that already but no luck
I removed the vlan 123 then shut and no shut for E1/9 but same issue
!
SW-A# sh vlan id 123
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
123 KEEPALIVE active Eth1/9
VLAN Type Vlan-mode
---- ----- ----------
123 enet CE
!
SW-A# sh int e1/9 status
--------------------------------------------------------------------------------
Port Name Status Vlan Duplex Speed Type
--------------------------------------------------------------------------------
Eth1/9 VPC KEEPALIVE notconnec 123 full 1000 SFP-1000BAS
!
06-24-2024 03:05 AM
can I see
show vpc brief
MHM
06-24-2024 03:14 AM
06-24-2024 03:46 AM
I will assume that PO90 also not allow vlan123
Can you check the STP' it can it but the port into bridge assurance (BA)
MHM
06-24-2024 04:45 AM
so, which ports should vlan123 added to?
Noting that it was up the day of config and after 10 days, suddendly it became down (so I will check also if this is a physical issue)
06-24-2024 04:50 AM
so, which ports should vlan123 added to?
Answer:- Only e1/9 this special vlan use for keepalive not for other data traffic.
Noting that it was up the day of config and after 10 days, suddendly it became down (so I will check also if this is a physical issue)
Answer:- I see notconnec in show you share' this mainly see if there is l1 issue like speed' but I dont care since the mac is seeing flapping i.e. there is traffic pass e1/9 so it connect' correct me if I am wrong
MHM
06-24-2024 04:52 AM
FYI I already run lab and allow vlan in peer link and immediately keepalive is down when I remove it the keepive is UP and peer is reachable.
So friend step by step check' check l1 then check allow of vlan.
MHM
06-24-2024 07:15 AM - edited 06-24-2024 07:21 AM
strange, I tried same ports but not solved ,, I changed the ports to e1/31 with no config ,,, no shut ,, then speed 1000 ,, also got not connected,,,,, so i guess it is L1 issue OR there is a licence to be added (because the default config that the port is assigned to VLAN1 ,,, when I write no switchport ,,, I got in the output (2024 Jun 24 15:30:25 HHLOKNET-NDFC-POC-A %ETHPORT-5-IF_DOWN_L3_NOT_READY: Interface Ethernet1/31 is down (L3 not ready))
06-24-2024 07:29 AM
I know this for N6K not for N5K but I think it same.
Check cisco reply' there are some port run bpduguard by defualt' that can make port down or errdisable.
The solution is bpdufilter but that too risky' so friend can you get license abd use l3 port ? It more safe.
Thanks
MHM
06-24-2024 07:34 AM
Please friend ask more and more before apply any command effect stp domain.
I will do my best to help you
So first thing to check if link I share is correct or not is check stp is it blk the port or not.
Thanks
MHM
06-24-2024 07:50 AM - edited 06-24-2024 07:50 AM
thanks so mcuh for your support, actually there are no blocked ports as per the below output ,, I will try to install the license but not sure because this is a lab enviornment.
!
SW-NDFC-POC-A(config-if)# sh spanning-tree summary totals
Switch is in rapid-pvst mode
Root bridge for: none
Port Type Default is disable
Edge Port [PortFast] BPDU Guard Default is enabled
Edge Port [PortFast] BPDU Filter Default is disabled
Bridge Assurance is enabled
Loopguard Default is disabled
Pathcost method used is short
STP-Lite is enabled
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
112 vlans 0 0 0 223 223
!
SW-NDFC-POC-A# show spanning-tree interface ethernet 1/31
No spanning tree information available for Ethernet1/31
06-24-2024 07:58 AM
If this lab then I hope we can solve it together
""No spanning tree information available for Ethernet1/31""
And now you use vlan 112' so this vlan is not add to nexus db
You need to add this vlan via
Vlan 112
Name VLAN112
That it'
And this time please remove this new vlan from peer-link and PO90 before add vlan to db.
Add IP to vlan SVI and use it as keepalive.
Waiting good news
MHM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide