Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA Failover pair causing MAC flapping on switch stack

Not sure if this should be posted here or in the ASA forums.  I have an Active/Standby pair of ASA 5515x connected to a 2960S stack.  Connections look like so:

 


    ASA 1------Failover interface------ASA2
      |                                                     |
      |                                                     |
      |                                                     |
      |                                                     |
2960S Gig1/0/1 -------Stack-------2960S Gig2/0/1

 

 

I get the following error on the switches:


Aug 17 10:08:07 EDT: %SW_MATM-4-MACFLAP_NOTIF: Host a80c.0dc1.1130 in vlan 3 is flapping between port Gi1/0/1 and port Gi2/0/1
Aug 17 10:08:50 EDT: %SW_MATM-4-MACFLAP_NOTIF: Host a80c.0dc1.1130 in vlan 3 is flapping between port Gi1/0/1 and port Gi2/0/1
Aug 17 10:10:02 EDT: %SW_MATM-4-MACFLAP_NOTIF: Host a80c.0dc1.1130 in vlan 3 is flapping between port Gi1/0/1 and port Gi2/0/1
Aug 17 10:11:32 EDT: %SW_MATM-4-MACFLAP_NOTIF: Host a80c.0dc1.1130 in vlan 3 is flapping between port Gi1/0/1 and port Gi2/0/1
Aug 17 10:12:13 EDT: %SW_MATM-4-MACFLAP_NOTIF: Host a80c.0dc1.1130 in vlan 3 is flapping between port Gi1/0/1 and port Gi2/0/1
Aug 17 10:18:52 EDT: %SW_MATM-4-MACFLAP_NOTIF: Host a80c.0dc1.1130 in vlan 3 is flapping between port Gi1/0/1 and port Gi2/0/1
Aug 17 10:19:41 EDT: %SW_MATM-4-MACFLAP_NOTIF: Host a80c.0dc1.1130 in vlan 3 is flapping between port Gi1/0/1 and port Gi2/0/1

 

The MAC in question is the interface that is active on the ASA. I wouldn't think I should see the MAC on both interfaces on the switch because only one ASA is active. 

Everyone's tags (1)
3 REPLIES
VIP Purple

Is your Failover-system

Is your Failover-system stable or is the active role chainging between primary and standby unit? Please post the output from "sh failover | i Last | time:" and look for failover-events in the firewall-logs.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

Seems pretty stable.  That

Seems pretty stable.  That time was when we stacked the switches.  Also sent the rest of the show failover 

 

Last Failover at: 09:44:40 EDT Jun 14 2014
                Active time: 5534681 (sec)
                Active time: 9033 (sec)

 

 

# show failover
Failover On 
Failover unit Secondary
Failover LAN Interface: failover GigabitEthernet0/5 (Failed - No Switchover)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 4 of 114 maximum
Version: Ours 9.1(2), Mate 9.1(2)
Last Failover at: 09:44:40 EDT Jun 14 2014
        This host: Secondary - Active 
                Active time: 5534662 (sec)
                slot 0: ASA5515 hw/sw rev (1.0/9.1(2)) status (Up Sys)
                  Interface Internal (192.168.20.254): Normal (Waiting)
                  Interface DMZ (172.16.120.1): Normal (Waiting)
                  Interface External (xx.xx.xx.194): Normal (Waiting)
                  Interface VMmanagement (10.110.10.1): Normal (Waiting)
                  Interface management (0.0.0.0): Link Down (Not-Monitored)
                slot 1: IPS5515 hw/sw rev (N/A/7.1(8p1)E4) status (Up/Up)
                  IPS, 7.1(8p1)E4, Up
        Other host: Primary - Failed 
                Active time: 9033 (sec)
                slot 0: ASA5515 hw/sw rev (1.0/9.1(2)) status (Unknown/Unknown)
                  Interface Internal (192.168.20.252): Unknown (Monitored)
                  Interface DMZ (172.16.120.2): Unknown (Monitored)
                  Interface External (xx.xx.xx.195): Unknown (Monitored)
                  Interface VMmanagement (10.110.10.2): Unknown (Monitored)
                  Interface management (0.0.0.0): Unknown (Not-Monitored)
                slot 1: IPS5515 hw/sw rev (N/A/7.1(8p1)E4) status (Unknown/Unknown)
                  IPS, 7.1(8p1)E4, Unknown

VIP Purple

> Failover LAN Interface:

Failover LAN Interface: failover GigabitEthernet0/5 (Failed - No Switchover)
        Other host: Primary - Failed 

Doesn't look *that* stable ... ;-) Please control the failover-link.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
583
Views
0
Helpful
3
Replies