1

I've got 2 stacks of Catalyst 4506-E switches (Core01 & Core02) with a 4 link port channel (Po1) configured between them. I've got 2 routers, a 3845 and a 7206VXR connected to both Core01 & Core02 at ports Gi4/45 and Gi2/11 on both switches. A quick diagram:

Core1-2

While trying to chase down a different(?) issue, I noticed in the output of show logging from Core01 and Core02 was: 

Oct 19 15:16:24.807: %C4K_EBM-4-HOSTFLAPPING: Host 00:25:84:EA:60:80
in vlan 999 is moving from port Gi4/45 to port Po1 Oct 19
15:16:24.807: %C4K_EBM-4-HOSTFLAPPING: Host 00:25:84:EA:60:80 in vlan
999 is moving from port Po1 to port Gi4/45 Oct 19 15:16:34.188:
%C4K_EBM-4-HOSTFLAPPING: Host 00:22:0D:92:B0:1B in vlan 999 is moving
from port Gi2/11 to port Po1 Oct 19 15:16:34.236:
%C4K_EBM-4-HOSTFLAPPING: Host 00:22:0D:92:B0:1B in vlan 999 is moving
from port Po1 to port Gi2/11 Oct 19 15:16:35.080:
%C4K_EBM-4-HOSTFLAPPING: Host 00:25:84:EA:60:80 in vlan 999 is moving
from port Gi4/45 to port Po1 Oct 19 15:16:35.128:
%C4K_EBM-4-HOSTFLAPPING: Host 00:25:84:EA:60:80 in vlan 999 is moving
from port Po1 to port Gi4/45 Oct 19 15:16:44.189:
%C4K_EBM-4-HOSTFLAPPING: Host 00:22:0D:92:B0:1B in vlan 999 is moving
from port Gi2/11 to port Po1 Oct 19 15:16:44.189:
%C4K_EBM-4-HOSTFLAPPING: Host 00:22:0D:92:B0:1B in vlan 999 is moving
from port Po1 to port Gi2/11 Oct 19 15:16:45.081:
%C4K_EBM-4-HOSTFLAPPING: Host 00:25:84:EA:60:80 in vlan 999 is moving
from port Gi4/45 to port Po1 Oct 19 15:16:45.125:
%C4K_EBM-4-HOSTFLAPPING: Host 00:25:84:EA:60:80 in vlan 999 is moving
from port Po1 to port Gi4/45

Over and over again. Those 2 MAC addresses,00:25:84:EA:60:80 & 00:22:0D:92:B0:1B correspond to BVI1 on the 3845 and the 7206VXR, respectively.

Output of sh vlan id 999:

VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------------------- 999  Core                             active    Gi1/3, Gi1/4, Gi2/11, Gi2/25, Gi2/31, Gi3/18, Gi3/20,
Gi3/22, Gi3/24, Gi3/26, Gi3/28
                                                Gi3/32, Gi4/4, Gi4/7, Gi4/11, Gi4/15, Gi4/27, Gi4/45, Gi5/2, Gi5/3, Gi5/4, Gi5/5
                                                Gi5/10, Gi5/25, Gi5/26, Gi5/27, Gi5/28, Gi5/34, Gi5/36, Po1

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode
Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------ 999  enet  100999     1500  -      -      -        -    -        0      0 

Remote SPAN VLAN
---------------- Disabled

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

So, port channel Po1 is in vlan 999, as are Gi2/11 and Gi4/45, Which I'm assuming is a problem, and is causing these messages. My question is this; I inherited this setup, I didn't build it,but I also haven't changed it. I've built a Debian Rancid server thats handling configuration diffs, so if this was something that was new, I'd have gotten an email about it. I admit I haven't gone back and looked at every config diff I've received in the past year, but I went back far enough to know this isn't a new change, I can assume it has been doing this for a while now. However, I see that message, I think loop.

Is it incorrect to have Po1 and the interfaces that are connected to the routers in the same vlan? Also, those ports are access ports, should I not trunk them? Any ideas would be appreciated.

Thanks,

Frederik
  • 3,293
  • 3
  • 30
  • 46
CD305865
  • 15
  • 1
  • 4
  • That is definitely loop, and it works without problems just because Cisco manages it. It is hard to say anything about your port-channel, as we don't know, what traffic do you send through it, but as you have two uplinks for each stack, it is most likely the traffic between the stacks, so it should be in different VLAN from uplinks. – Hardy Rust Oct 20 '16 at 09:44

1 Answers1

2

Yes there is a problem and you are one step away from making a loop, but its not because of keeping Po1 and interface connected to the router in the same VLAN. When you Stack two switches, They work as one even if they are part of VSS(Virtual Switching System). The brain of the two switches become one and all the switching decisions are made by one switch(which is the active among two).

Now what happens when you connect two cables from a router to a switch and in same VLAN? Yes, thats right it will get same MAC from both ports.

Is it incorrect to have Po1 and the interfaces that are connected to the routers in the same vlan?

Absolutely not. You are making it more secure and its good. :)

Also, those ports are access ports, should I not trunk them?

No, You should rather turn the two ports connected to the router into a port-channel respectively. As I said after stacking they behave as one, Hence you should port channel both Gi2/11 as(lets say) Po2 and both Gi4/45 as Po3. Keep both port-channels in Vlan 999, Also Ether-channel the ports on the router(but I think that is already done, as you are getting MAC from both interfaces) and I am sure the logs will vanish.

Hope this Helps!

Anirudh Malhotra
  • 1,290
  • 7
  • 11
  • Thanks- I think I explained this incorrectly, though. Core01 and Core02 aren't stacked together, they are 2 separate stacks of 4506 switches with a port channel between them. Technically they operate independently. After looking at this for a while, I realize I can "fix" this by removing one link from each router, but I imagine this was originally set up for redundancy. Would I achieve the same result following your instructions if I had both links coming the 3845 connected to 2 ports on, say Core01 and both links from the 7206 connected to 2 ports on Core02?. – CD305865 Oct 27 '16 at 14:05
  • I though Core1 and Core2 are stacked, Sorry for that. Are the two interfaces on 3845 and the two interfaces on 7206 bonded respectively on their routers? – Anirudh Malhotra Oct 27 '16 at 14:10
  • I meant to update; this was resolved by moving both links from each of the routers into a single core switch and bonding them both as separate port channels. Thanks! – CD305865 Dec 22 '16 at 14:45