avoiding STP loop when I use 2 routers for DLSW redundancy


I have 2 Catalyst 4507s as the backbone, and 2 2610xm routers running dlsw: each one connected to each 4507.

VLAN bridging is done on dot1Q sub-interfaces on the 2610xm routers, and the protocol I use is vlan-bridge.

With bridging active at the same time on both 2610xm routers I have no problems with loops. But when I run dlsw on both routers, and the peers become connected, I receive this message on both 4507s:

%C4K_EBM-4-HOSTFLAPPING: Host 02:00:8E:C9:0A:80 in vlan 16 is flapping between port Gi3/6 and port Gi3/2.

These are the ports that connect to a 2610xm and to the other 4507 (which has the other 2610xm connected).

Cisco says this is indicating a STP loop.

My question: is this topology wrong? How can I get redundancy for the dlsw service with 2 routers?

Giuseppe Larosa Mon, 12/01/2008 - 14:09

Hello Juan,

Do you see the error message continuously or only in some instances from time to time?

In the second case this can be acceptable.

Verify on the two routers with show spanning-tree what topology they think they are building:

verify whether both routers have the dot1q subifs in STP forwarding state or one is in blocking.

In the second case you are fine; otherwise there is an issue: vlan-bridge BPDUs are not travelling between the C4507s and the routers don't see each other.

Hope to help


I can see the error message every 30 seconds continuously, on both Catalysts. Is this acceptable?

The show spantree output of both routers (both with dlsw peers connected) is:

Both routers have all dot1q subifs and dlsw port0 in fwd. There is no subif in blk state. And I can see BPDUs sent and received on all subifs of both routers.

I have tested with only a 4506 with the 2 routers connected and the problem is the same. All the interfaces are in fwd state, there is not any in blk state.

The message only appears when I connect the dlsw peers on both routers. Cisco says this is indicating a STP loop.

Where is the problem? How can I solve it? How can I get both routers to see each other?



Juan Luis.

Hi again,

the only thing I have with spanning-tree loopguard and spanning-tree portfast bpduguard configured on the 4507 is that one router has all the subifs in fwd state, and the other has the dlsw port0 and one vlan x in fwd state and the rest of the subifs in blk state.

The 4507 says that the flapping mac is only in the vlan x for the 2 interfaces connected to both routers.


Juan Luis.

Giuseppe Larosa Tue, 12/02/2008 - 11:50

Hello Juan Luis,

both routers have their subifs in forwarding mode because they don't see each other's BPDUs, which are probably blocked by the two switches.

Could you post the configuration of your two routers and the output of show spanning-tree on both routers?

The warning is provided for the vlan where the two switches see replicated addresses that are seen on the two routers' subinterfaces.

If you are not providing IPv4 services on vlan x you could think of using two vlans x1 and x2 and performing fallback bridging on the two switches for the two vlans x1 and x2.

This could solve the issue: the two switches should be able to build a loop-free topology and to use the inter-vlan bridge type of STP.

Hope to help


I have already tried with 2 bridge groups, and the problem persists.

I think the issue is about dlsw because, with dlsw enabled on only one router, the messages do not appear. And it seems there are no layer 2 loops nor degradation of service in the network.

Also, the MAC in the message that appears on the interfaces connected to both routers is exactly the MAC the dlsw circuits are looking for.

This is the config:

Router A.

dlsw local-peer peer-id
dlsw load-balance circuit-count
dlsw remote-peer 0 tcp circuit-weight 10 lsap-output-list 200 dmac-output-list 700 dest-mac 4000.5193.5001
dlsw remote-peer 0 tcp circuit-weight 10 lsap-output-list 200 dmac-output-list 700 dest-mac 4000.5193.5001
dlsw remote-peer 0 tcp
dlsw remote-peer 0 tcp backup-peer linger 1
dlsw bridge-group 1

interface Loopback0
 ip address

interface FastEthernet0/0.11
 encapsulation dot1Q 11
 bridge-group 1

interface FastEthernet0/0.12
 encapsulation dot1Q 12
 bridge-group 1

interface FastEthernet0/0.200
 encapsulation dot1Q 200
 ip address

ip route

bridge 1 protocol vlan-bridge

And spanning-tree:

2610xmA#show spanning-tree blockedports
Name                 Blocked Interfaces List
-------------------- ------------------------------------
Bridge group 1       Fa0/0.12, Fa0/0.13

Router B: it is the same config but with different addressing.

All ports are fwd. None is blk.

And on the 4507 that has both routers connected:

%C4K_EBM-4-HOSTFLAPPING: Host 02:00:8E:C9:0A:80 in vlan 11 is flapping between port Gi2/1 and port Gi2/24
%C4K_EBM-4-HOSTFLAPPING: Host 02:00:8E:C9:0A:80 in vlan 11 is flapping between port Gi2/1 and port Gi2/24

This MAC is the MAC address that the clients are connecting to through dlsw.

I don't understand the fallback bridging, could you say what you mean?
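
Whether the flapping is continuous or occasional, the first question asked in this thread, can be read straight from the switch logs. The following Python script is an added example, not part of the original thread: it groups HOSTFLAPPING messages by MAC, VLAN and port pair and classifies each group. The ISO timestamp prefix, the second host and the `max_gap` / `min_events` thresholds are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: timestamps and the second host are invented for the
# example; the message format is the one quoted in the thread.
SAMPLE = """\
2008-12-02T10:00:00 %C4K_EBM-4-HOSTFLAPPING: Host 02:00:8E:C9:0A:80 in vlan 11 is flapping between port Gi2/1 and port Gi2/24
2008-12-02T10:00:30 %C4K_EBM-4-HOSTFLAPPING: Host 02:00:8E:C9:0A:80 in vlan 11 is flapping between port Gi2/24 and port Gi2/1
2008-12-02T10:01:00 %C4K_EBM-4-HOSTFLAPPING: Host 02:00:8E:C9:0A:80 in vlan 11 is flapping between port Gi2/1 and port Gi2/24
2008-12-02T10:01:30 %C4K_EBM-4-HOSTFLAPPING: Host 02:00:8E:C9:0A:80 in vlan 11 is flapping between port Gi2/1 and port Gi2/24
2008-12-02T08:00:00 %C4K_EBM-4-HOSTFLAPPING: Host 00:11:22:33:44:55 in vlan 16 is flapping between port Gi3/6 and port Gi3/2.
2008-12-02T10:05:00 %C4K_EBM-4-HOSTFLAPPING: Host 00:11:22:33:44:55 in vlan 16 is flapping between port Gi3/6 and port Gi3/2.
"""

FLAP = re.compile(
    r"^(?P<ts>\S+)\s+%C4K_EBM-4-HOSTFLAPPING: Host (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
    r" in vlan (?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+?)\.?$"
)

def summarize(text, max_gap=60, min_events=3):
    """Group flap events by (mac, vlan, port pair) and classify each group.

    A group is 'continuous' when it has at least min_events messages and no
    gap between consecutive messages exceeds max_gap seconds.
    """
    seen = defaultdict(list)
    for line in text.splitlines():
        m = FLAP.match(line.strip())
        if not m:
            continue  # ignore unrelated syslog lines
        ports = frozenset((m["a"], m["b"]))  # treat the port pair as unordered
        seen[(m["mac"].lower(), int(m["vlan"]), ports)].append(
            datetime.fromisoformat(m["ts"]))
    report = {}
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[key] = {
            "count": len(stamps),
            "continuous": len(stamps) >= min_events and max(gaps) <= max_gap,
            # Bit 0x02 of the first octet marks a locally administered MAC.
            "local_admin": bool(int(key[0][:2], 16) & 0x02),
        }
    return report

if __name__ == "__main__":
    for (mac, vlan, ports), info in summarize(SAMPLE).items():
        print(mac, vlan, sorted(ports), info)
```

A group reported as continuous on the ports facing the two routers matches the every-30-seconds pattern described above; a group with a few widely spaced events is the occasional case.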

Giuseppe Larosa Wed, 12/03/2008 - 10:12

Hello Juan Luis,

I was suggesting to keep the two routers separated using different vlans x1, x2

in your case you should use 4 vlans and then enable the same config you have now on the two C4506 switches so that they use the inter-vlan bridge STP.

I think I found something more useful.

I would suggest you to look at the following:


see section

DLSw+ with Ethernet Redundancy Enabled for Switch Support Configuration Example

Probably a special configuration is needed to implement redundancy.

Another note is that in most examples physical interfaces are used and the STP type is IEEE, not the inter-vlan bridge (which you probably need to bridge subinterfaces).

I think this can be helpful because it is similar to your scenario: there are specific commands to be given to the two DLSW routers to make them aware of the redundancy

int e 0
 mac-address 4000.0000.0001
 ip address
 dlsw transparent redundancy-enable 9999.9999.9999 master-priority
 dlsw transparent map local-mac 4000.0001.0000 remote-mac 4000.0010.0001 neighbor 4000.0000.0011
 dlsw transparent timers sna 1500

the trick they use is to make the remote appear with a different MAC towards the switch(es)

Hope to help


OK, thanks. I will try it and report to you whether, with this configuration, the flapping message doesn't appear and the dlsw service has real redundancy with both routers.

And first a question: are these MAC addresses virtual, and can I use them (4000.0000.0001, 4000.0001.0000...)? Do I need to configure my remote MAC address (the MAC that is flapping) in the routers?


Juan Luis.

Giuseppe Larosa Thu, 12/04/2008 - 10:14

Hello Juan Luis,

my understanding is that, to make the switches happy, two false MAC addresses are used by the routers in the dlsw redundancy setup.

I don't know if these commands can be applied to a LAN subinterface; this is part of the test.

Also I'm not sure this applies to your topology and scenario: you have two subinterfaces that are members of the same bridge-group. Is there a WAN part of the DLSW as in the picture?

Hope to help


