Question

vlan flapping between trunk port and etherchannel

Asked by: node_runner

I have two catalyst 3560 switches. they are connected via a single trunk port using 082.11q on gi0/23 on each switch.

I'm trying to set up an internal switch infrastructure, such that each of my linux servers are connected to both switches, using etherchannel on the switch, and bonding on the linux host.

For the most part I have this working. say I have "server x" with eth1 and eth0, connected to gi0/1 on both switches. I've configured each port on each switch using "channel-group 1 mode on" and made sure port 1 on each switch is on the same vlan and that the resulting po1 is on the right vlan.

Things usually work fine. I can physically disconnect one interface on the server and still have connectivity. However, I am having intermittent connectivity issues on all the servers.

My switch logs show these for all of my poX groups for my servers on an intermittent basis:
Host (mac srubbed) in vlan 1 is flapping between port Gi0/23 and port Po10

Keep in mind that gi0/23 is my trunk port between the two switches. I don't really understand what the problem is because the logical port info for each poX seems to be passing over the trunk interface and things seem to work most of the time. I've looked this up all over the web and I've tried a few different things:

1) I've tried configured gi0/23 on each switch with "spanning-tree bpdufilter enable". Toggling this on and off doesn't seem to help any.

2) I've tried configuring gi0/23 on each switch with "l2protocol-tunnel point-to-point" and this doesn't seem to help either.

Each time, I can re-create the flapping log entry just be sending traffic to any one of those servers and I'll get that error. The odd thing is that most of the time, the traffic still makes it to and from the host. Only about 20% of time do connections actually get dropped.

I'm using the default bonding method (round-robin) on each host, but I've also tried configuring one of the hosts to use active/standby mode for the bonding option and that didn't seem to help either.

Any ideas?

Running config for both switches:

===============BEGIN SW2==========================
Current configuration : 2623 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname sw2
!
enable secret 5 xxxxxxxxxxx
enable password xxxxxxxxxxxxx
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip name-server 10.1.5.1
ip name-server 10.1.5.2
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface Port-channel1
!
interface Port-channel2
!
interface Port-channel3
 switchport access vlan 2
!
interface Port-channel4
 switchport access vlan 2
!
interface Port-channel5
!
interface Port-channel6
!
interface Port-channel7
 switchport access vlan 2
!
interface Port-channel8
!
interface Port-channel9
 switchport access vlan 2
!
interface Port-channel10
!
interface GigabitEthernet0/1
 channel-group 1 mode on
!
interface GigabitEthernet0/2
 channel-group 2 mode on
!
interface GigabitEthernet0/3
 switchport access vlan 2
 channel-group 3 mode on
!
interface GigabitEthernet0/4
 switchport access vlan 2
 channel-group 4 mode on
!
interface GigabitEthernet0/5
 channel-group 5 mode on
!
interface GigabitEthernet0/6
 channel-group 6 mode on
!
interface GigabitEthernet0/7
 switchport access vlan 2
 channel-group 7 mode on
!
interface GigabitEthernet0/8
 channel-group 8 mode on
!
interface GigabitEthernet0/9
 switchport access vlan 2
 channel-group 9 mode on
!
interface GigabitEthernet0/10
 channel-group 10 mode on
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
 l2protocol-tunnel point-to-point pagp
 
 l2protocol-tunnel point-to-point lacp
 l2protocol-tunnel point-to-point udld
 spanning-tree bpdufilter disable
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
 ip address 10.1.4.2 255.255.0.0
!
interface Vlan2
 ip address 10.1.4.2 255.255.0.0
 shutdown
!
ip default-gateway 10.1.5.1
ip classless
ip http server
!
logging 10.1.3.1
snmp-server community xxxxxxx RO
!
control-plane
!
!
line con 0
 exec-timeout 0 0
line vty 0 4
 password xxxxxxx
 login
line vty 5 15
 password xxxxxxxx
 login
!
end
========================================
 
 
==========BEGIN SW1===================
Current configuration : 2468 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname sw1
!
enable secret 5 xxxxxxxx
enable password xxxxxxxxxx
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface Port-channel1
!
interface Port-channel2
!
interface Port-channel3
 switchport access vlan 2
!
interface Port-channel4
 switchport access vlan 2
!
interface Port-channel5
!
interface Port-channel6
!
interface Port-channel7
 switchport access vlan 2
!
interface Port-channel8
!
interface Port-channel9
 switchport access vlan 2
!
interface Port-channel10
!
interface GigabitEthernet0/1
 channel-group 1 mode on
!
interface GigabitEthernet0/2
 channel-group 2 mode on
!
interface GigabitEthernet0/3
 switchport access vlan 2
 channel-group 3 mode on
!
interface GigabitEthernet0/4
 switchport access vlan 2
 channel-group 4 mode on
!
interface GigabitEthernet0/5
 channel-group 5 mode on
!
interface GigabitEthernet0/6
 channel-group 6 mode on
!
interface GigabitEthernet0/7
 switchport access vlan 2
 channel-group 7 mode on
!
interface GigabitEthernet0/8
 channel-group 8 mode on
!
interface GigabitEthernet0/9
 switchport access vlan 2
 channel-group 9 mode on
!
interface GigabitEthernet0/10
 channel-group 10 mode on
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
 l2protocol-tunnel point-to-point pagp
 l2protocol-tunnel point-to-point lacp
 l2protocol-tunnel point-to-point udld
 spanning-tree bpdufilter disable
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
 ip address 10.1.4.1 255.255.0.0
!
ip classless
ip http server
!
logging 10.1.3.1
snmp-server community xxxxxx RO
!
control-plane
!
!
line con 0
line vty 0 4
 password x
 login
line vty 5 15
 password x
 login
!
end

                                  
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:
168:
169:
170:
171:
172:
173:
174:
175:
176:
177:
178:
179:
180:
181:
182:
183:
184:
185:
186:
187:
188:
189:
190:
191:
192:
193:
194:
195:
196:
197:
198:
199:
200:
201:
202:
203:
204:
205:
206:
207:
208:
209:
210:
211:
212:
213:
214:
215:
216:
217:
218:
219:
220:
221:
222:
223:
224:
225:
226:
227:
228:
229:
230:
231:
232:
233:
234:
235:
236:
237:
238:
239:
240:
241:
242:
243:
244:
245:
246:
247:
248:
249:
250:
251:
252:
253:
254:
255:
256:
257:
258:
259:
260:
261:
262:
263:
264:
265:
266:
267:
268:
269:
270:
271:
272:
273:
274:
275:
276:
277:
278:
279:
280:
281:
282:
283:
284:
285:
286:
287:
288:
289:
290:
291:
292:
293:
294:
295:
296:
297:
298:
299:
300:
301:
302:
303:
304:
305:
306:
307:
308:

Select allOpen in new window

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2008-09-30 at 12:13:20ID23775792
Tags

cisco

,

catalyst

,

3560

Topics

Network Switches & Hubs

,

Network Operations

,

Network Design & Methodology

Participating Experts
2
Points
500
Comments
7

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Vlan and Trunk
    How to configure Trunk for VLAN, in order for VLAN talk to each other on Cisco Catalyst Multilayer 3550-48 switch, The following is the vlan diagram, Port VLAN VLAN IP Address ------ ------------- ----------------- 39-48 VLAN 1 -De...
  2. Catalyst 2948G <---> Catalyst 2900XL  Trunk  V…
    What steps do I need to set up a trunk between a 2948G and a 2900XL that will carry VLAN 2 and VLAN 3 traffic?
  3. EtherChannel and VLAN Trunking in Catalyst 3750
    Hi. I have the following configuration in my Cisco Catalyst 3750 switch. I would like to know what are they for: vlan internal allocation policy ascending ! ! interface Port-channel1 switchport access vlan 2 ! interface Port-channel2 switchport access vlan 2 ! interface ...
  4. Vlan trunking
    Hi guys, I need information and ideas about vlan trunking... How it should be setup'e'd (network topology design) and reasons why to go for vlan trunking. What I know is that vlan trunking is used to extend a vlan number. For example, catalyst 2950 has 24 ports on Vlan 2. ...
  5. Cisco VLAN trunk ASA5510 to Catalyst 3550.
    I am working on a project where an ASA5510 needs to be configured with multiple VLANs on a single physical interface. This has been configured using the sub interfaces with no issue. The port is then being connected to a Catalyst 3550. The switchport on the 3550 has been set ...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: donjohnstonPosted on 2008-09-30 at 13:14:55ID: 22609026

I'm not quite clear on the topology.

Do you have one server with two network interfaces and each one connected to a different switch?



Switch 1-------------Switch2
     \                             /
      \                          /
        ---- Server-----


 

by: node_runnerPosted on 2008-09-30 at 13:29:41ID: 22609159

donjohnston: that's exactly right.

So:

switch1 ------------- switch2
   \                                 /
    \                               /
   eth0-----------------eth1
                  Server

eth0 and eth1 are combined into bond0
and the port on each switch is combined into an etherchannel group

 

by: donjohnstonPosted on 2008-09-30 at 13:44:08ID: 22609274

Then what you're trying to do can't be done. You are creating a layer 2 loop. When that happens, you will get MAC addresses cycling between ports.

What are you trying to accomplish with this topology?



 

by: node_runnerPosted on 2008-09-30 at 14:00:52ID: 22609423

I'm trying to have a redundant switching architecture so our small, simple network can survive a switch being down. The idea is that all hosts are connected to two physical switches, so that if one switch dies, all hosts can still communicate with each other over the other switch.

I'm confused as to why this can't be done. Is it because these switches aren't "stacked" together as one switch? I've set this up before with higher-end catalysts, the only difference was that they were all set up as a single switch stack, so all of the ports were considered to belong to one master, logical switch.

Is that why I can't do this? Is there any way I can have these lower-end 3560's act as a single switch? I see that the 3560's support switch "clustering", but it doesn't seem the same thing as stacking. Could I use clustering as a way to pull this off and pass the layer 2 information across both switches?

 

by: KevJBPosted on 2008-09-30 at 14:21:08ID: 22609594

Shouldn't STP be stopping one of these links and therefore preventing a loop? Although I guess the server has no idea what STP packets are and is ignoring them so the switch has no idea this is happening.

However from my understanding, EtherChannel was designed to do the following:

switch1 ------------- switch2
   \       \                          
    \       \                        
   eth0-eth1

You should also be able to have another two links to switch 2. However this would require more ethernet cards, STP shouldn't matter because your server should never forward packets received on etherchannel 1 out etherchannel 2. I can't say I've ever done it. Normally you create loops between access and distribution or distribution and core layers for redundency. I've never seen a server so critical that it needs to become part of a loop. If there is such a server, it may be time to look at another solution like clustering as the redundent layer 2 approach only works until your server becomes the point of failure and that seams like a lot of switchports and network cards to waste on something that will end up failing cause the fan siezed up.

 

by: node_runnerPosted on 2008-09-30 at 14:35:59ID: 22609692

KevJB:

Not sure what you are trying to say. STP is enabled, but as far as I understood and like you say, STP is ignored from the servers perspective.

As far as the reasons why I'd like to have redundant core switches, is pretty much the same reason why you have redundant anything. A cluster of servers is great when you have a server failure. But if they are both connected to the same physical switch, then a cluster of servers doesn't help much if you have a switch failure.

At any rate, I appreciate the advice as far as topology is concerned, but that really isn't my problem. My problem lies in capability. Like I said, I know that what I'm trying to do works just fine with switch stacks. I've done it before and it worked quite well. We could lose any physical switch in the "stack" and not have any network outages. One of the other nice things about this setup is that it takes a lot of the stress out of doing switch maintenance/upgrades knowing that you can reboot/reconfigure/test one switch without any downtime.

 

by: donjohnstonPosted on 2008-09-30 at 15:04:04ID: 22609881

The idea behind the tunneling is to allow you to create an etherchannel "through" a switch to the channeling device at the other end.

An example can be found in figure 15-6
http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_19_ea1/configuration/guide/swtunnel.html#wp1018775

What you're trying to do is sometimes referred to as "split etherchannel". That's not supported on the 3560, but it is on the 3750 if they're stacked.

Your best bet would be to remove the etherchannel commands to the servers and let spanning tree deal with any loops.




20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...