in the words of homer simpson - doh good lesson, how could i miss it was in the dsg!
cheers all the same On 28 August 2012 15:48, Andy Sajous <[email protected]> wrote: > I think your missing a part on you MAC access-list. Looks like you > specified the ether type, but spanning tree is still failing because you're > missing the LLC SNAP encapsulation (lsap). > > mac access-list extended FilterMe > permit any any 0x0806 0x0000 > permit any any *lsap* 0xAAAA 0x0000 > > > > > > > On Tue, Aug 28, 2012 at 9:28 AM, Tony Singh <[email protected]> wrote: > > > Hi Experts > > > > > > Please forgive rather long winded email but need direction here..... > > > > > > *topology* > > R1 f0/0 > f0/1 CAT 1 (vlan 12) > > R2 f0/0 > f0/2 CAT 1 (vlan 12) > > > > *issue* > > 01:50:21: %SW_MATM-4-MACFLAP_NOTIF: Host 001c.f691.a0f8 in vlan 12 is > > flapping between port Po13 and port Po12 > > 01:50:21: %SW_MATM-4-MACFLAP_NOTIF: Host 001c.58a7.d388 in vlan 12 is > > flapping between port Po14 and port Po12 > > > > these flapps continue across all ether channels.... > > > > > > *R1#show ip arp * > > Internet 150.100.12.1 - 001c.58a7.d388 ARPA > > FastEthernet0/0 > > Internet 150.100.12.2 0 Incomplete ARPA > > > > *R2#show ip arp* > > Protocol Address Age (min) Hardware Addr Type Interface > > Internet 150.100.12.1 0 001c.58a7.d388 ARPA > > FastEthernet0/0 > > Internet 150.100.12.2 - 001c.f691.a0f8 ARPA > > FastEthernet0/0 > > > > one end of either router's arp is always incomplete > > > > checked all ends, encaps is arpa with full-duplex 100mb/s > > > > *CAT1* > > access-list 100 permit icmp any any > > access-list 100 permit ospf any any > > > > mac access-list extended MAC > > *permit mac any any 0x0806 0x0000 <<< permitted arp* > > *permit mac any any 0xAAAA 0x0000 * *<<< **permitted **stp for > > dot1q trunks* > > > > mac access-map LAB2-26 10 > > match mac address MAC > > action forward > > mac access-map LAB2-26 20 > > match ip address 100 > > action forward > > mac access-map LAB2-26 30 > > action drop > > > > vlan filter LAB2-26 vlan-list 12 > > > > > > > > > > > > looking further into spanning-tree.... > > > > > > > > > > *Cat3550-1#show spanning-tree vlan 12* > > > > VLAN0012 > > Spanning tree enabled protocol ieee > > Root ID Priority 32780 > > Address 0016.c8cf.8d80 > > This bridge is the root > > Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec > > > > Bridge ID Priority 32780 (priority 32768 sys-id-ext 12) > > Address 0016.c8cf.8d80 > > Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec > > Aging Time 300 > > > > Interface Role Sts Cost Prio.Nbr Type > > ------------------- ---- --- --------- -------- > > -------------------------------- > > Gi0/1 Desg FWD 4 128.1 P2p > > Fa0/1 Desg FWD 19 128.3 P2p > > Fa0/2 Desg FWD 19 128.4 P2p > > Po12 Desg FWD 12 128.144 P2p > > Po13 Desg FWD 12 128.152 P2p > > Po14 Desg FWD 12 128.160 P2p > > > > > > > > > > > > *Cat3560-2#show spanning-tree vlan 12* > > > > VLAN0012 > > Spanning tree enabled protocol ieee > > Root ID Priority 32780 > > Address 0016.c8bc.1100 > > This bridge is the root > > Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec > > > > Bridge ID Priority 32780 (priority 32768 sys-id-ext 12) > > Address 0016.c8bc.1100 > > Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec > > Aging Time 300 > > > > Interface Role Sts Cost Prio.Nbr Type > > ------------------- ---- --- --------- -------- > > -------------------------------- > > Gi0/1 Desg FWD 4 128.1 P2p > > Po12 Desg FWD 12 128.144 P2p > > Po23 Desg FWD 12 128.232 P2p > > Po24 Desg FWD 12 128.240 P2p > > > > > > > > *cat1* > > VLAN0012 32780 0016.c8cf.8d80 0 2 20 15 > > > > *cat2* > > VLAN0012 32780 0016.c8bc.1100 0 2 20 15 > > > > > > *so both switches think there the root for vlan 12* > > > > > > > > resolved by issuing > > > > *Cat3550-1(config)#spanning-tree vlan 12 root primary* > > > > > > > > > > > > but why does the election not agree when cat2 bridge id is lower > (priority > > is default) obviously cat 2 tries to become the root by right, but then > why > > does cat1? > > > > > > *Bridge ID's* > > * > > * > > *cat 1 vlan 12* > > 0016.c8cf.8d80 > > * > > * > > *cat 2 vlan 12* > > 0016.c8bc.1100 *<<<<---- should be the winner & IS when no mac > > access-list/vlan filter is applied* > > > > > > looking further into vlan 12 > > > > > > *---------------WITH MAC ACCESS-LIST & ROOT PRIORITY PRIMARY SET ON > > CAT1-----------------* > > > > > > *debugging whilst this is happening* > > > > 05:25:34: STP: VLAN0012 heard root 32780-0016.c8cf.8d80 on Po12 > > 05:25:34: STP(12) port Po12 supersedes 19 > > > > > > *Cat3550-1#show spanning-tree vlan 12* > > > > VLAN0012 > > Spanning tree enabled protocol ieee > > Root ID Priority 24588 > > Address 0016.c8cf.8d80 > > This bridge is the root > > Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec > > > > Bridge ID Priority 24588 (priority 24576 sys-id-ext 12) > > Address 0016.c8cf.8d80 > > Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec > > Aging Time 300 > > > > Interface Role Sts Cost Prio.Nbr Type > > ------------------- ---- --- --------- -------- > > -------------------------------- > > Gi0/1 Desg FWD 4 128.1 P2p > > Fa0/1 Desg FWD 19 128.3 P2p > > Fa0/2 Desg FWD 19 128.4 P2p > > *Po12 Desg FWD 12 128.144 P2p * > > Po13 Desg FWD 12 128.152 P2p > > > > > > *Cat3560-2#show spanning-tree vlan 12* > > > > VLAN0012 > > Spanning tree enabled protocol ieee > > Root ID Priority 24588 > > Address 0016.c8cf.8d80 > > Cost 4 > > Port 1 (GigabitEthernet0/1) > > Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec > > > > Bridge ID Priority 32780 (priority 32768 sys-id-ext 12) > > Address 0016.c8bc.1100 > > Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec > > Aging Time 300 > > > > Interface Role Sts Cost Prio.Nbr Type > > ------------------- ---- --- --------- -------- > > -------------------------------- > > Gi0/1 Root FWD 4 128.1 P2p > > *Po12 Altn BLK 12 128.144 P2p * > > Po23 Desg FWD 12 128.232 P2p > > Po24 Desg FWD 12 128.240 P2p > > > > > > > > > > > > *-------------------------------WITHOUT MAC ACCESS-LIST & WITHOUT **ROOT > > PRIORITY PRIMARY SET ON CAT1-**------------* > > > > > > *Cat3550-1#show spanning-tree vlan 12* > > > > VLAN0012 > > Spanning tree enabled protocol ieee > > Root ID Priority 32780 > > Address 0016.c8bc.1100 > > Cost 4 > > Port 1 (GigabitEthernet0/1) > > Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec > > > > Bridge ID Priority 32780 (priority 32768 sys-id-ext 12) > > Address 0016.c8cf.8d80 > > Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec > > Aging Time 15 > > > > Interface Role Sts Cost Prio.Nbr Type > > ------------------- ---- --- --------- -------- > > -------------------------------- > > Gi0/1 Root FWD 4 128.1 P2p > > Fa0/1 Desg FWD 19 128.3 P2p > > Fa0/2 Desg FWD 19 128.4 P2p > > *Po12 Altn BLK 12 128.144 P2p * > > Po13 Desg FWD 12 128.152 P2p > > Po14 Desg FWD 12 128.160 P2p > > > > > > *Cat3560-2#show spanning-tree vlan 12* > > > > VLAN0012 > > Spanning tree enabled protocol ieee > > Root ID Priority 32780 > > Address 0016.c8bc.1100 > > This bridge is the root > > Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec > > > > Bridge ID Priority 32780 (priority 32768 sys-id-ext 12) > > Address 0016.c8bc.1100 > > Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec > > Aging Time 15 > > > > Interface Role Sts Cost Prio.Nbr Type > > ------------------- ---- --- --------- -------- > > -------------------------------- > > Gi0/1 Desg FWD 4 128.1 P2p > > *Po12 Desg FWD 12 128.144 P2p * > > Po23 Desg FWD 12 128.232 P2p > > Po24 Desg FWD 12 128.240 P2p > > > > > > > > *+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++* > > *debugging on CAT2 whilst mac access-list is applied to CAT1 & NO > > **spanning-tree > > vlan 12 root primary* > > > > 05:25:34: STP: VLAN0012 heard root 32780-0016.c8cf.8d80 on Po12 > > 05:25:34: STP(12) port Po12 supersedes 19 > > > > here's my thinking.... > > cat1 says my cost is 12 for vlan 12 via Po12 ; cat2 relays this message > > saying 12 supersedes 19 but then where does it get cost of 19 from? > > *+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++* > > * > > * > > > > > > what gives i'm confused.com , I know I can resolve the above by running > > root primary for vlan 12 on CAT1 but need to understand why this default > > behaviour as this lab task clearly asks that I implement this mac > > access-list, would this happen in the IE lab ? > > > > > > Tony > > _______________________________________________ > > For more information regarding industry leading CCIE Lab training, please > > visit www.ipexpert.com > > > > Are you a CCNP or CCIE and looking for a job? Check out > > www.PlatinumPlacement.com > > > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
