VLANs having same mac address causing flapping error on cisco switch
-
Okay, so then my question is why doesn't the xg7100 have the ability to assign macs to the switch ports on the marvell?
Is that a software or hardware limitation? -
Because Layer 2 switch ports don't have MAC addresses.
Please post your current etherswitchcfg output.
And the port channel configurations on the switch and what ports are connected to what.
Thanks.
-
Ah! I see what youre saying now.
So what solutions are there to ensure separate mac addresses for the separate vlan ? I am referring to potentially assigning the vlan on pfsense with a mac addr, although I know this is not possible from what I've read.
The reason I ask is because ifconfig lladdr does not survive a reboot.pfsense etherswitchcfg:
etherswitch0: VLAN mode: DOT1Q
port1:
pvid: 5
state=8<FORWARDING>
flags=0<>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
port2:
pvid: 5
state=8<FORWARDING>
flags=0<>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
port3:
pvid: 5
state=8<FORWARDING>
flags=0<>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
port4:
pvid: 10
state=8<FORWARDING>
flags=0<>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
port5:
pvid: 10
state=8<FORWARDING>
flags=0<>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
port6:
pvid: 10
state=8<FORWARDING>
flags=0<>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
port7:
pvid: 30
state=8<FORWARDING>
flags=0<>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
port8:
pvid: 30
state=8<FORWARDING>
flags=0<>
media: Ethernet autoselect (none)
status: no carrier
port9:
pvid: 1
state=8<FORWARDING>
flags=1<CPUPORT>
media: Ethernet 2500Base-KX <full-duplex>
status: active
port10:
pvid: 1
state=8<FORWARDING>
flags=1<CPUPORT>
media: Ethernet 2500Base-KX <full-duplex>
status: active
laggroup0:
members 9,10
laggroup1:
members 2,3
laggroup2:
members 4,5,6
laggroup3:
members 7,8
vlangroup0:
vlan: 1
members none
vlangroup1:
vlan: 5
members 1,2,3,9t,10t
vlangroup3:
vlan: 30
members 7,8,9t,10t
vlangroup4:
vlan: 10
members 4,5,6,9t,10tcisco:
!
interface Port-channel1
switchport trunk encapsulation dot1q
!
interface Port-channel2
switchport trunk encapsulation dot1q
!
interface Port-channel3
switchport trunk encapsulation dot1q
!
!
interface GigabitEthernet0/2
description RTR-UPLINK-MGNT
switchport trunk encapsulation dot1q
channel-group 1 mode on
!
interface GigabitEthernet0/3
description RTR-UPLINK-MGNT
switchport trunk encapsulation dot1q
channel-group 1 mode on
!
interface GigabitEthernet0/4
description RTR-UPLINK-USERS
switchport trunk encapsulation dot1q
channel-group 2 mode on
!
interface GigabitEthernet0/5
description RTR-UPLINK-USERS
switchport trunk encapsulation dot1q
channel-group 2 mode on
!
interface GigabitEthernet0/6
description RTR-UPLINK-USERS
switchport trunk encapsulation dot1q
channel-group 2 mode on
!
interface GigabitEthernet0/7
description RTR-UPLINK-LAB
switchport trunk encapsulation dot1q
channel-group 3 mode on
!
interface GigabitEthernet0/8
description RTR-UPLINK-LAB
switchport trunk encapsulation dot1q
channel-group 3 mode on -
You should probably set the PVID of channel-group 1 to 5, the PVID on channel-group 2 to 10 and the PVID of channel-group 3 to 30.
At least I think that's what I see there.
You are sending untagged traffic for three different VLANs into three different switch ports (port-channels, actually) you need to separate those VLANs on the cisco switch side too. The switch has no way to tell the traffic for one VLAN from another because it has no VLAN tags to work with.
-
@erasedhammer said in VLANs having same mac address causing flapping error on cisco switch:
So what solutions are there to ensure separate mac addresses for the separate vlan ? I am referring to potentially assigning the vlan on pfsense with a mac addr,
Once again, not possible. You're asking software to change hardware. While you can change the MAC, it will change for every frame transmitted by that NIC. The difference between different VLANs is the content of the VLAN tag. That's it. So, when a frame goes out on a VLAN, the contents of the tag are set for that VLAN.
One thing to bear in mind is that all communication on the LAN is via MAC address. If you were to somehow change it when transmitting a frame, you might have the wrong MAC for a frame sent to another VLAN and that frame will be lost.
-
@Derelict
I would assume setting native vlan (5, 10, 30) on those would be sufficient? Little divergent in the topic, but your help is much appreciated. -
Native means no VLAN tag. So, you could configure a managed switch to bring out VLAN 5, for example, to a port that carries only VLAN 5 traffic. That is called an access port and will pass the frames without VLAN tag. A trunk port passes multiple VLANs and the frames have VLAN tags.
-
@JKnott
So it should be best to set all ports within the same vlan to switch access vlan X, including the ports to lead to other switches? -
There are 2 ways to configure a port. First, to pass only a single VLAN. It will then strip the tag from packets leaving through that port or add it to one entering it. The other way is to configure a trunk port to pass multiple VLANs. Depending on the switch, it may be possible to pass only specific VLANs and not others.
So, to answer your question, you have to determine what you want each port to do and configure accordingly. So, if you have some IoT devices, you'd configure an access port for that VLAN. If you have a phone and computer sharing a port, then you'd have to configure to pass the tagged VLAN frames, as well an untagged frame. Same with an access point with multiple SSIDs. As always, determine your requirements and go from there.
-
I would assume setting native vlan (5, 10, 30) on those would be sufficient? Little divergent in the topic, but your help is much appreciated.
@erasedhammer Whatever your switch calls it, yes.
