02-06-2017 01:14 AM - edited 03-08-2019 09:12 AM
Hi, all
We have two VLANs (ID=2 and ID=10) in the office LAN (about 10 CISCO switches and 2 CISCO routers).
One day, someone installed a new switch. The new switch has the default configuration (all ports in VLAN ID=1).
Then someone connected the new switch to one of the working switches by two links.
Link 1: New Switch port 1(access, vlan1) to Working switch port 1(access, vlan 2)
Link 2: New Switch port 2(access, vlan1) to Working switch port 2(access, vlan 10)
As a result, the office LAN stopped working.
Pings to the gateway from any PC were lost.
One of the PCs has the MAC address 54be.f752.16b7.
So, this is what I saw on the router that is the gateway for VLANs 2 and 10:
Router#sh mac add | inc 16b7
2 54be.f752.16b7 DYNAMIC Gi0/3
10 54be.f752.16b7 DYNAMIC Gi0/2
So, I can't understand why the LAN stopped working in this case. The VLANs are not the same, so no loopback here.
Any idea?
02-06-2017 01:27 AM
Hi
did you check the spanning-tree to see if it ties in with the outage times
check the switches with this command
show spanning-tree detail | inc ieee|occurr|from|is exec
do you have any logs from the switches you connected to ?
02-06-2017 02:03 AM
Hi, Mark
Thank you for fast reply.
Maybe it has something to do with the case:
VLAN0002 is executing the ieee compatible Spanning Tree protocol
Number of topology changes 707 last change occurred 4d21h ago
from GigabitEthernet0/3
VLAN0010 is executing the ieee compatible Spanning Tree protocol
Number of topology changes 730 last change occurred 4d21h ago
from GigabitEthernet0/2
No similar information in syslogs. Syslog level set to informational.
I understand that something went wrong. But I cannot understand why. What is the reason for the LAN crash?
What should I do so that this situation is not repeated?
02-06-2017 02:14 AM
when exactly was it installed/connected ?
do you have the logs from the switch and the times it occurred and the ports involved ?
did the ports go err-disabled ?
you need to know exactly what happened first before you can prevent it again , it may help to have the switch configured with the correct vlans before connecting it the next time to each port
02-06-2017 02:43 AM
The new switch actually is the CITRIX Server with a 4-port line card. So, no logs at all.
There are no PM-4-ERR_DISABLE messages from the nearest switches.
The problem is that there is not enough information.
That's why I appealed to you to hear an authoritative opinion.
What could theoretically happen and how to prevent it in the future?
Why do I see the PC's MAC address from the gateway, but pings between the PC and the gateway are lost?
02-06-2017 02:50 AM
how long ago did it happen ?
without logs you're just guessing really , the mac and arp tables are separate , just because you see the mac address does not mean you can ping it , was the ip arp resolved to that mac address or was it incomplete at the time you saw it at the gateway
dual linking a server with a switch module to 2 switches like that is going to cause some form of stp calculation , were your ports configured with portfast on Cisco side ?
02-06-2017 03:09 AM
The port where the server is connected:
interface FastEthernet0/30
switchport access vlan 2
switchport mode access
switchport voice vlan 602
spanning-tree portfast
The gateway (router) and the PC are in one VLAN. From the gateway I saw the PC's MAC in two different VLANs. As far as I know, every VLAN has its own MAC address table.
So, what could prevent the IP protocol from working in this case? In theory.
02-06-2017 03:16 AM
does the stp timer change tie in with the install ?
last change occurred 4d21h ago
did you check the arp table for that PC mac to see if it was associated with 2 ips ?
It's most likely the result of a loop when you see a mac in multiple vlans
***************
Title: Workstations' MAC addresses learned on two different VLANs in the same switch
Question:
Environment:
Answer:
02-06-2017 03:25 AM
No, I didn't check the ARP table. Didn't have time.
Seems like my issue.
But is there a way to prevent this problem?
What are the best practices to avoid loops across VLANs?
02-06-2017 03:36 AM
dual links cause loops if not configured properly , I don't know what that citrix 4port device is capable of , if it even understands stp , if you're connecting any more I would only connect 1 link at a time and make sure everything is converged/configured and working before connecting the 2nd link
02-06-2017 03:52 AM
As I understand it, if all of the LAN switches can run STP and a loop across VLANs appears, then one port must be blocked, according to the STP routine.
But if BPDUs can't pass through the CITRIX, STP will not work, right?
By the way, because the VLANs cross at one point only, we can't see a broadcast storm. No full loop. Just a crossing.
03-31-2021 03:25 AM
Hi all
Just had this problem at a customer site.
Until I checked the logs from this switch it gave me the info I needed.
The gateway on the 2 VLANs is a firewall/router and typically we use a subinterface (to be smart)
BUT the router is a mac saving son of a b...
It uses the same MAC on all subinterfaces.
Then we will have MAC flap on the 2 VLANs. They see the MAC on the uplink port and on the short circuit port.
That will kill both VLANs, but no spanning blocked, no flooded traffic... just a small MAC flap msg in the log.
Just a small piece of info for those who run into this problem.
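A check for the symptom discussed in this thread, one MAC address learned in more than one VLAN, written as an added example (not code from any poster). It assumes the `show mac address-table` row layout of VLAN, MAC, type, port seen in the first post; the sample table is constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the first two rows are the entries quoted in the thread,
# the remaining rows are made up (one in colon notation to exercise normalisation).
SAMPLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   2    54be.f752.16b7    DYNAMIC     Gi0/3
  10    54be.f752.16b7    DYNAMIC     Gi0/2
   2    0011.2233.4455    DYNAMIC     Gi0/3
  10    00:11:22:33:44:55 DYNAMIC     Gi0/2
  10    aabb.ccdd.eeff    DYNAMIC     Gi0/5
 All    0100.0ccc.cccc    STATIC      CPU
"""

# A data row: numeric VLAN, MAC in dotted/colon/dash notation, entry type, port.
ROW = re.compile(r"^\s*(\d+)\s+([0-9A-Fa-f.:\-]{12,17})\s+(\w+)\s+(\S+)\s*$")

def normalize_mac(mac):
    """Reduce dotted, colon or dash notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    return digits if len(digits) == 12 else None

def macs_in_multiple_vlans(table_text, types=("DYNAMIC",)):
    """Return {mac: sorted [(vlan, port), ...]} for MACs learned in >1 VLAN."""
    seen = defaultdict(set)
    for line in table_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator, "All" rows, totals
        vlan, mac, entry_type, port = m.groups()
        mac = normalize_mac(mac)
        if mac is None or entry_type.upper() not in types:
            continue
        seen[mac].add((int(vlan), port))
    return {
        mac: sorted(entries)
        for mac, entries in seen.items()
        if len({vlan for vlan, _ in entries}) > 1
    }

if __name__ == "__main__":
    for mac, entries in macs_in_multiple_vlans(SAMPLE).items():
        where = ", ".join(f"VLAN {v} on {p}" for v, p in entries)
        print(f"{mac}: {where}")
```

A hit on the gateway's own MAC is expected when the router reuses one MAC on every subinterface, so compare the ports: the same host MAC arriving in two VLANs on different ports is the sign that the VLANs are bridged somewhere.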