01-04-2012 07:05 AM - edited 03-10-2019 12:17 PM
Hello all,
We have a remote connection from our core 5k's to a 4506 at the remote building. Currently one connection is up and running fine in normal trunking mode. However, when we bring up the secondary connection we get a loop that brings down the connection. The exact error message from logs is:
I have read that if there is NIC bonding occurring at the remote site on some servers that this could be the issue. I understand that. However, my question is this:
Can I just create a VPC by bundling the 2 connections from my two 5k's to the 4506 and eliminate spanning tree altogether? It seems that this would be a viable solution. VPC does, after all, eliminate spanning tree.
Assistance is greatly appreciated,
Bobby Grewal
01-04-2012 08:16 AM
Hi Bobby,
Can you print the entire message you see? Are you sure that one link is disabled and not just dynamic learning?
The message usually goes:
%FWM-2-STM_LOOP_DETECT: Loops detected in the network among ports Po14 and Po12 vlan 204 - Disabling dynamic learn notificationsfor 180 seconds
Are you sure that you did not see something like that instead?
The error message means that the switch has disabled learning for a period of time; this happens because the MAC flaps more than a certain number of times in a set time period. When disabled, no learning takes place; it is then re-enabled shortly after.
This flapping can be an indication of an L2 loop or, as you pointed out, can come from some kind of NIC teaming (dual-homed servers in active/active mode, for instance), in which the same MAC address is seen on 2 different ports (an event which normally represents an L2 loop, but not in this case).
What is connected, and how, to your 4506 exactly?
About your question, it is highly risky to disable STP and you should not do that.
If we are facing a NIC teaming issue you should configure your server in active/standby mode.
Riccardo
01-04-2012 08:30 AM
Riccardo,
Thanks for your quick reply. I've attached the log messages of when we brought up the secondary connection. I'll have to get with the customer on how the server(s) are connected to the 4506.
Thank you,
Bobby Grewal
01-04-2012 08:32 AM
Can you please copy and paste your VPC config on the forum?
01-04-2012 11:15 AM
On City Hall 4506:

interface Port-channel98
 description Uplink to Nexus 5k-1 and 5k-2
 switchport trunk encapsulation dot1q
 switchport mode trunk

interface GigabitEthernet1/0/4
 description Uplink to Nexus 5k-1 Ethernet1/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 99 mode active

interface GigabitEthernet1/0/6
 description Uplink to Nexus 5k-2 Ethernet1/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 99 mode active

On Nexus 5k-1 and 5k-2:

interface port-channel99
 description Connection to City Hall 4506
 switchport mode trunk
 vpc 99
 switchport trunk allowed vlan 1-3,113,121-122,961-976,978,994-996,998-999
 spanning-tree port type edge trunk
 spanning-tree bpduguard enable
 spanning-tree bpdufilter enable
 speed 1000

interface Ethernet1/3
 description Connection to City Hall 4506
 switchport mode trunk
 switchport trunk allowed vlan 1-3,113,121-122,961-976,978,994-996,998-999
 channel-group 99 mode active
01-04-2012 12:06 PM
Here is the bad news: VPC is supported on the Nexus platform but not over the 4500 Catalyst platform.
Unless you use VSS on Catalyst, and I believe VSS is supported on the 6500 Catalyst platform, not on the 4500 Catalyst platform.
I hope this has been of some help in understanding the problem.
01-04-2012 12:12 PM
Rizwan,
I'm not creating the VPC on the 4506, I'm creating it on the Nexus 5k's.
01-04-2012 12:18 PM
That is correct, and I understand that you are not configuring VPC on the 4506.
However, VPC redundancy works over the Nexus platform alone (not in between Nexus and 4506); otherwise it is just plain old EtherChannel-ing.
01-04-2012 12:31 PM
Besides, there is a port-channel interface mismatch on City Hall 4506; should it be interface Port-Channel99 instead?
interface Port-channel98
01-05-2012 10:14 AM
Hi Bobby,
It is most likely an issue with vpc peering and the peer-link on the primary and secondary Nexus.
Also, please make sure the vpc domain is identical on both Nexus and the keep-alive is configured properly.
Can you please copy your vpc configuration between the two Nexus, the peer-link channel config, peer-keep-alive and vpc-domain name, and vrf context name from both Nexus?
The issue might well be on the Nexus themselves.
Please make sure the EtherChannel between the two Nexus and the 4506 is identical, as I see the port-channel mismatch.
Interface Port-Channel99
interface Port-channel98
01-04-2012 12:59 PM
Hey Bobby,
You already disabled STP on your VPC towards the 4506.
spanning-tree port type edge trunk
spanning-tree bpduguard enable
spanning-tree bpdufilter enable
Why that?
Also, can you attach your vpc peer link config?
please also add
show vpc brief
and show vpc
PS: of course you can have a vpc between 2 Nexus' and a third switch which will see the 2 nexus as 1 single bridge. This is what multi chassis link aggregation (hence vpc) is all about...
01-10-2012 06:05 AM
Hi Bobby
What is connected to Po100, and how is this port configured? Can any part/device of your network be reached from the n5k devices through both po100 and po99?
Without knowing the exact topology it's hard to say why we get the message about STP_LOOP, but Riccardo is right: removing STP is a very big risk, because disabling it on one of the affected links might lead you to a loop.
Regards,
Alex
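Two points raised in the replies above, the Port-channel98 / channel-group 99 mismatch on the 4506 and BPDU filtering on the vPC trunk, can be checked mechanically before a second uplink is brought up. The following is an added example, not posted by any participant in this thread; `parse` and `audit` are hypothetical helper names, and the configs are trimmed copies of the ones pasted above.

```python
import re
# Configs as pasted in this thread, trimmed to the lines the checks look at.
CAT4506 = """\
interface Port-channel98
 switchport mode trunk
interface GigabitEthernet1/0/4
 switchport mode trunk
 channel-group 99 mode active
interface GigabitEthernet1/0/6
 switchport mode trunk
 channel-group 99 mode active
"""
NEXUS = """\
interface port-channel99
 switchport mode trunk
 vpc 99
 spanning-tree port type edge trunk
 spanning-tree bpduguard enable
 spanning-tree bpdufilter enable
interface Ethernet1/3
 switchport mode trunk
 channel-group 99 mode active
"""

def parse(config):
    """Return {interface name: [sub-commands]} for an IOS/NX-OS style config."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line.strip(), re.I)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif current is not None and line.strip():
            current.append(line.strip())
    return blocks

def audit(config):
    """Flag member ports with no matching port-channel, and BPDU-filtered trunks."""
    blocks, findings = parse(config), []
    defined = {pc.group(1) for name in blocks
               if (pc := re.fullmatch(r"port-channel(\d+)", name, re.I))}
    for name, cmds in blocks.items():
        for cmd in cmds:
            m = re.match(r"channel-group\s+(\d+)", cmd)
            if m and m.group(1) not in defined:
                findings.append(f"{name}: channel-group {m.group(1)} has no Port-channel{m.group(1)}")
        if "spanning-tree bpdufilter enable" in cmds and "switchport mode trunk" in cmds:
            findings.append(f"{name}: bpdufilter on a trunk, STP cannot detect a loop on this link")
    return findings
```

Calling `audit(CAT4506)` reports both GigabitEthernet members as bundled into a channel-group with no matching port-channel interface, and `audit(NEXUS)` reports the BPDU filter on port-channel99.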