Hello Mark,

Thanks for your support

The topology didn´t change, the last one was in 3d21h ago, as show the log:

VLAN0951 is executing the ieee compatible Spanning Tree protocol
Number of topology changes 26 last change occurred 3d21h ago

This is for all my VLANs, even was in 3d, for me is not normal, because I didn´t change the cabling in this time.

About the destination MAC, is a workstation, this problem occur with 04 different MACs in differents switches and all are workstation, 02 switches are Avaya and 02 are Cisco 2960/3750.

Hi

3 days wouldn't be something to worry about usually if there's stp issues it will be constantly resetting its timer until you trace the issue , the workstations aren't moving around are they between rooms like laptops as that can cause that alert as mac being learnt in diff port than originally seen by the vss

are you seeing any issues from this log is it causing a problem, you could try the workaround it will be service effecting so you will need a window , clear mac-address-dynamic table .....

if that doesn't stop it I would open a TAC case or upgrade to a newer ios-xe code as it maybe software related

Mark,

I don´t know if there is any relation, but I've been deal with the problem of lost connectivity for some machines, they lost their IPs and can´t receive another.

I believe have some relation, because on the Core I just can see the error of Hostflapping.

Is Spanning tree configured correctly? Another word, is the core VSS root for all vlans and the access switches see the core as the root?

HTH

Reza,

This was a very good question, after see your question I was checked the configuration for 02 swtiches (Core and one access).

In the core the STP is configured like bellow:

spanning-tree mode pvst
spanning-tree loopguard default
spanning-tree logging
spanning-tree extend system-id
spanning-tree vlan 1-10,21,59-62,100-101,110-113,120-121,130-131 priority 16384
spanning-tree vlan 140-141,150-151,160-161,170-171,180-181,190 priority 16384
spanning-tree vlan 191,199-201,210-211,220,248,252-254,353,453 priority 16384
spanning-tree vlan 553-555,653,812-813,840-841,850-855,890-892 priority 16384

The access switch is: 

spanning-tree mode pvst
spanning-tree extend system-id

!

But if I take a specific vlan to validade who is the root, both switch appear as Root.

This is very strange.

Hi Marcio,

What is the priority on the access switch?  Is it 32768 (default)?

You want to make sure that the core has a lower priority when comparing it to access switches.  This way the core will always be the root.

Usually lowering the core and leaving the access as default should do it.

Can you provide the output from one of the vlans from the access switch as well as the core?

sh spann vlan xx

HTH

Reza,

Yes, all access switch is using the default priority:

Follow the command result.

Access switch:

BR-CNS-SWA-013#sh span vlan 890

VLAN0890
Spanning tree enabled protocol ieee
Root ID Priority 33658
Address 2834.a285.e780
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 33658 (priority 32768 sys-id-ext 890)
Address 2834.a285.e780
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/1 Desg FWD 19 128.1 P2p Edge
Gi1/0/3 Desg FWD 19 128.3 P2p Edge
Gi1/0/5 Desg FWD 19 128.5 P2p Edge
Gi1/0/7 Desg FWD 19 128.7 P2p Edge
Gi1/0/9 Desg FWD 19 128.9 P2p Edge
Gi1/0/11 Desg FWD 19 128.11 P2p Edge
Gi1/0/12 Desg FWD 19 128.12 P2p Edge
Gi1/0/13 Desg FWD 19 128.13 P2p Edge

!

Core Switch

VLAN0890
Spanning tree enabled protocol ieee
Root ID Priority 17274
Address 0008.e3ff.fc14
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 17274 (priority 16384 sys-id-ext 890)
Address 0008.e3ff.fc14
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/1/12 Desg FWD 4 128.12 P2p
Gi1/1/34 Desg FWD 4 128.34 P2p
Gi1/1/36 Desg FWD 4 128.36 P2p
Gi1/1/44 Desg FWD 19 128.44 P2p
Gi1/5/2 Desg FWD 4 128.514 P2p
Gi1/5/3 Desg FWD 4 128.515 P2p
Gi1/5/4 Desg FWD 19 128.516 P2p
Gi1/5/5 Desg FWD 4 128.517 P2p

Marcio,

Both access and core switches see themselves as root. 

Also, in the output you provided from the access switch, I don't see the uplink port included in "sh span vlan 890"  I just see the access ports

Can you make sure vlan 890 is added to the trunk link between access and core?

What port is connecting the access switch to the core?  Can you provide the config?

HTH

Raza,

I just cut the output to not become to big.

there is a connection between both using portchannel.

The status of Access Switch is:

Po1 Desg FWD 3 128.224 P2p

interface Port-channel1
description PORTS-TO-CORE
switchport mode trunk
switchport nonegotiate

!

for the Core switch is:

Po20 Desg FWD 3 128.2580 P2p

interface Port-channel20
description ### UPLINK BR-CNS-SWA-013 ###
switchport
switchport mode trunk
spanning-tree bpdufilter enable
service-policy input AutoQos-4.0-Input-Policy

Can you delete "spanning-tree bpdufilter enable" from the trunk port on the core and run the stp commands again (sh span vlan 890)

and post the output from both the core and access?

HTH

I have to open a window to do it, because if I take this off, probably the core will receive BPDU and can cause topoly change and lost of connection.

Yes, I agree.  It should be done in a maintenance window.