802.1q tunneling & Etherchannels

marlon23marlon23 Member Posts: 164 ■■□□□□□□□□

My scenario looks like this:


SW3 & SW4 has a L3 Etherchannel configured (mode on)
SW1 is doing 802.1q tunneling with l2 tunneling for CDP

Interface configuration:
interface FastEthernet 0/X
switchport access vlan 100
switchport mode dot1q-tunnel
l2protocol-tunnel cdp
no cdp enable
spanning-tree bpdufilter enable

SW3 & SW4:
interface FastEthernet 0/Y
no switchport
no ip address
channel-group 34 mode on

Rack1SW1#show mac address-table vlan 100 | inc DY
100 0011.21ca.3980 DYNAMIC Fa0/17 - MAC of SW3 Po (flopping between ports)
100 0017.e026.6142 DYNAMIC Fa0/20 - MAC of 1. Fa port of SW4
100 0017.e026.6143 DYNAMIC Fa0/21 - MAC of 2. Fa port of SW4
100 0017.e026.6144 DYNAMIC Fa0/20 - MAC of SW4 Po

SW3 is 3550, SW4 3560, SW1 3560

Problem is that SW1 is complaining:
*Mar 2 08:07:47.794: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.21ca.3980 in vlan 100 is flapping between port Fa0/18 and port Fa0/17 (MAC belongs to Po on SW3)

My confusion:
- On both SW3 & SW4 etherchanell load balancing is set for source mac. How come that SW3 is still using both interfaces to send trafic over ? (Which leads to MAC flapping). Source MAC should be always Po's MAC as this is routed etherchannel.
- Solution for the situation is to put the etherchanell ports on SW1, for SW3 and SW4 to different VLAN's, how can the 802.1q tunelling work ? (additional vlan tag would have different vlan, so tunnel should break, or it works differently when there is switch doing tunnel between his own interfaces ?)
- How come that Sw4 is also sending traffic sourced from MAC of Fa ports in the etherchannel group and not only from Po's MAC ?

Thanks for answers.
LAB: 7609-S, 7606-S, 10008, 2x 7301, 7204, 7201 + bunch of ISRs & CAT switches


  • Options
    a543047a543047 Member Posts: 41 ■■□□□□□□□□
    You're not forming the etherchannel and that is what is causing the flap. You need to add the following command:

    l2protocol-tunnel point-to-point under your trunk interfaces on SW1. Also, I believe you need to use PAgP of LACP to make this work.
    CCIE #22769
    Routing and Switching
    Service Provider
  • Options
    marlon23marlon23 Member Posts: 164 ■■□□□□□□□□

    according to my understanding pagp and lacp are just to negotiate and form the etherchannel (and to add some redundancy features as well), but not required to do so (like DTP vs. manually setting the trunk encapsulation or just turn on the trunking). I prefer just to turn it on manually, as these dynamic things just do more problems then good.

    The problem is caused by 3550 is sending frame through both links in etherchannel which are confusing switch in the path when he sees source mac from 2 different ports.

    The solution to this problem is to treat each link in etherchannel as separate 802.1q tunnel, so switch on the path would have separate MAC table for each VLAN(-->tunnel) so he wouldnt complain anymore.

    Still have no idea why is 3550 sending traffic using both links with source-mac load balancing for etherchannel, will sniff the wires to see whats there and let you know :)
    LAB: 7609-S, 7606-S, 10008, 2x 7301, 7204, 7201 + bunch of ISRs & CAT switches
  • Options
    a543047a543047 Member Posts: 41 ■■□□□□□□□□
    I don't think you understand what I'm trying to say. You are missing the following command under your trunk interfaces:

    'l2protocol-tunnel point-to-point'

    This command allows pagp, lacp, and udld to pass through your dot1q tunnel. You are seeing the MAC address flap because the logical etherchannl is not forming. Also, in a real world environments you would typically use lacp or pagp as it alerts you when a mismatch/error occurs where if you hard code it to on it does not alert you.
    CCIE #22769
    Routing and Switching
    Service Provider
Sign In or Register to comment.