Nexus 5000 - FWM-2-STM_LOOP_DETECT

In a previous post, I mentioned problems we were having with one of our Nexus 5000 switches. During all of the Nexus 1000v issues, it was throwing these messages continually:

2011 Mar 29 05:22:13 N5K-2 %FWM-2-STM_LEARNING_RE_ENABLE: Re enabling dynamic learning on all interfaces
2011 Mar 29 05:22:20 N5K-2 %FWM-2-STM_LOOP_DETECT: Loops detected in the network among ports Eth1/10 and Eth1/2 vlan 801 - Disabling dynamic learn notifications for 180 seconds

I couldn't tell if it was actually affecting anything, since VLAN 801 was being used as a FCoE VLAN. Looking at MAC addresses bound to VLAN 801 would reveal one MAC address in particular that would move around:

N5K-2(config)# sho mac add vlan 801
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 801 0005.9b7a.8800 dynamic 0 F F Eth1/7

But what was this MAC address? After a little bit of digging, I finally found it:

N5K-2(config)# sho int mgmt0
mgmt0 is down (Link not connected)
Hardware: GigabitEthernet, address: 0005.9b7a.8800 (bia 0005.9b7a.8800)
There it is, but why is it being learned? The interface is down (and the MAC still remained even when Admin Down). After opening a TAC case and collecting debugs over and over again, the Engineer opened a Bug for the issue. Which was then terminated. Solution? Stop the leak of the MAC address and reload the switch. Fun.

But how did this come about? Well, before we installed our FCoE storage, we were using vPC's off of the Nexus 5000s to each of our ESX hosts. When we installed the storage, EMC told us we could not use FCoE across our vPC's. I can't find any evidence that this advice was accurate, but it is what it is. The Management ports had originally been assigned internally routable IP addresses, and the vPC Keep-Alive was built on top of that. That means that the default VRF would have learned the address from the management VRF at some point in time. Upon removing the vPC configuration, it just never un-learned it apparently.

Comments

Post a Comment

Popular posts from this blog

Installing Cisco CallManager 4.1(3) on VMware in 2025

Getting Creative Again – and Reinstalling 2005 in 2025 It’s certainly been a while—and a lot has changed in my life. But I’ve been wanting to get back into more creative projects, especially the kind that mix creativity with something deeply technical. This one definitely checks both boxes. Get ready to Collaborate like it's 2005! Please check out my YouTube video . Installing Cisco CallManager 4.1(3) on VMware in 2025 When I first had this idea, I figured it would be a quick weekend project—knock it out in a couple of days and move on. Many months later, I can finally call it a success. The Classic Method (That No Longer Works) Historically, you'd follow a guide like this one to install CallManager 4.x. It relied on: Installing vanilla Windows 2000 Server Modifying the registry to bypass hardware checks Applying Cisco OS update files like win-OS-Upgrade-K9.2000-2-6sr4.exe But in 2025? These Cisco OS update files have vanished from the internet. Despite...
Read more

Why is Cisco Licensing so terrible?

Well, it's been a while since I've written anything here. Since my last post, a lot of things have happened. One of those things perfectly illustrates a poorly thought out aspect of Cisco Licensing, especially for Unified Communications running on VMware. I've believed forever that using the Primary DNS and NTP servers as part of the License MAC generation was a bad idea, but I never really thought about how unpleasant it could be. I recently traveled to Brazil to deploy our UC-on-UCS environment there, and built out all of the servers. When I first arrived onsite, I contacted our systems team and requested they send me the DNS/NTP information that I would need to use for the build (and licensing). They sent me the information without any hassle, which was a huge bonus. Fast forward, installation is done, I'm back home, and I set up RTMT. Low and behold, I'm getting alarms that the Primary NTP server is inaccessible. Hmmm, that's odd, but sure enough, I can...
Read more

Installing Linux on a Cisco Content Engine

Concept I originally thought about this after reading this article , and soon I set off to install Linux on my Cisco CE560. My first attempts to install using Sarge failed, since Etch is now the current version, and Sarge is now " oldstable ". I was also unable to successfully boot the floppy install of Etch for some reason. Using some of the steps from the aforementioned article, I was able to successfully install Mandrake 10.1 on my content engine. Hardware The Cisco CE560 has the following hardware characteristics : Intel Pentium III 600 MHz 2x512 MB SDRAM Symbios sym53c8xx SCSI controller 2x36GB 80-pin Ultra2 LVD SCSI Hard Drives Asiliant 69000 Video Adapter with 16-pin output header (pinout unknown) 2xIntel 82559 Ethernet Adapters (Linux driver is e100) RJ-45 Serial Console port at 9600,8,N,1 Note: Can only boot from floppy or SCSI! Preparation In order to pull this off, I used the following items: Cisco Console cable A laptop with Windows using Hyperterminal Floppy Dri...
Read more