ASA EIGRP Port Channel Bug?

Similar Messages

• ASA 5585 port-channels

  I want to create a port-channel with 2 10Gbs interfaces on 2 ASA 5585 firewalls, and set them up in a failover pair.
  In order to do this, do I simply put two 10Gbs interfaces into a channel and then configure the IP addressing and failover address on the logical port-channel interface? (aka interface po1).
  Any limitations with this?

  Yes, that is exactly what you do..
  Create portchannel on switch and ASA
  Trunk the vlan on switch side
  Create logical interfaces on ASA

• Disappointed: ASA 8.4 Redundant using Port-channels

  So I finally got all our ASAs upgrade to version 8.4 and was all sorts of excited to configure port-channels to our 6500 + SUP7203B switches.  I was severally disappointed to discover that I cannot configure two port-channels and have them be members of a redundant interface pair.  It would seem like a logical topology.
  Port-channel1 = Gig0/0 & Gig0/1
  Port-channel2 = Gig0/2 & Gig0/3
  Redundant1 = Port-channel1 & Port-channel2
  Port-channel1 would connect to the primary 6500
  Port-channel2 would connect to the backup 6500
  What would it take to make this work?  Am I going to have to wait for 8.5?  Will we finally get BGP then too? (Had to get that in there)
  http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1329357
  EtherChannel Guidelines
  •You can configure up to 48 EtherChannels.
  •Each channel group can have eight active interfaces. Note that you can assign up to 16 interfaces to a channel group. While only eight interfaces can be active, the remaining interfaces can act as standby links in case of interface failure.
  •All interfaces in the channel group must be the same type and speed. The first interface added to the channel group determines the correct type and speed.
  •The device to which you connect the ASA 5500 EtherChannel must also support 802.3ad EtherChannels; for example, you can connect to the Catalyst 6500 switch.
  •All ASA configuration refers to the logical EtherChannel interface instead of the member physical interfaces.
  •You cannot use a redundant interface as part of an EtherChannel, nor can you use an EtherChannel as part of a redundant interface. You cannot use the same physical interfaces in a redundant interface and an EtherChannel interface. You can, however, configure both types on the ASA if they do not use the same physical interfaces.

  Hello Yaplej,
  Agree with you but unfortunetly this is not supported yet,
  We migh need to wait some time before this desing can be accomplish,
  Regards,
  If you do not have any other question please mark the question as answered

• ASA port-channel command on IOS v. 9.0(4)

  I have configured 2 of ASA 5550 on a port channel as follows:
  =======================================
  router# show version
  Cisco Adaptive Security Appliance Software Version 8.4(2)
  router# show module
    0 ASA 5550 Adaptive Security Appliance         ASA5550            JMX1226L1S9
    1 SSM-4GE Included with ASA 5550 System        SSM-4GE-INC        JAF1224ATNS
  router# show interface Port-channel48
  Interface Port-channel48 "", is up, line protocol is up
    Hardware is EtherChannel/ON, BW 2000 Mbps, DLY 10 usec
      Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
      Input flow control is unsupported, output flow control is off
      Media-type configured as RJ45 connector
      Available but not configured via nameif
      MAC address 001f.ca97.44e2, MTU not set
      IP address unassigned
    Members in this channel:
        Active:   Gi1/2 Gi1/3
  router# show startup-config
  interface GigabitEthernet1/2
   channel-group 48 mode on
   no nameif
   no security-level
   no ip address
  interface GigabitEthernet1/3
   channel-group 48 mode on
   no nameif
   no security-level
   no ip address
  interface Port-channel48
   no nameif
   no security-level
   no ip address
  interface Port-channel48.4
   vlan 4
  interface Port-channel48.5
   vlan 5
  After migrating to version 9.0(4) I could not configure channel group on int g 1/2.
  =======================================
  router# show version
  Cisco Adaptive Security Appliance Software Version 9.0(4)
  router# show module
    0 ASA 5550 Adaptive Security Appliance         ASA5550            JMX1421L333
    1 SSM-4GE Included with ASA 5550 System        SSM-4GE-INC        JAF1419ALAK
  router# configure terminal
  router(config)# interface GigabitEthernet1/2
  router(config-if)#  channel-group 48 mode on
                        ^
  ERROR: % Invalid input detected at '^' marker.
  router(config-if)# ?
  So I have the following questions about verion 9:
  1. Can I still use port-channels on a sigle ASA?
  2. Should I replace port-channel by lacp command on a sigle ASA?
  3. Does lacp command can be used only on clusters ?
  Att.,
  Rosa

  The following is documented in the config guide for both 8.4 and 9.0:
  •You cannot use interfaces on the 4GE SSM, including the integrated 4GE SSM in slot 1 on the ASA 5550, as part of an EtherChannel. 
  So, even with 8.4 it was probably never meant to work.

• Port channel asa

  Hi!
  Is it possible to configure etherchannel on Cisco ASA 5580 (ASA5580-4GE-CU card) ?
  Thanks for your help,

  Hi , 
   Yes its supports etherchannel , traffic among your port-channel will be as below 
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/interface_start.html
  Table 12-2 Load Distribution per Interface 
  # of Active Interfaces
  % Distribution Per Interface
  1
  2
  3
  4
  5
  6
  7
  8
  1
  100%
  2
  50%
  50%
  3
  37.5%
  37.5%
  25%
  4
  25%
  25%
  25%
  25%
  5
  25%
  25%
  25%
  12.5%
  12.5%
  6
  25%
  25%
  12.5%
  12.5%
  12.5%
  12.5%
  7
  25%
  12.5%
  12.5%
  12.5%
  12.5%
  12.5%
  12.5%
  8
  12.5%
  12.5%
  12.5%
  12.5%
  12.5%
  12.5%
  12.5%
  12.5%
  HTH
  Sandy

• Port channel issue in ASA

  We have two Cisco ASA 55XX Firewalls and both are in HA (Active/Standy). Two ports from each Firewall is connecting two ports of Nexus 5K Switch and running port channel between Firewall & Nexus Switch and port-channel is UP. And Switches having back to back connection with allowed all VLAN trunk port.
  FW01 ----------------- SW01 (Two ports with Port channel)
  FW02 ----------------- SW02 (Two ports with Port channel)
  I have VLAN 10 with IP Subnet 10.10.10.0/28
  SW01 : 10.10.10.2
  SW02 : 10.10.10.3
  HSRP IP : 10.10.10.1
  FWs :  10.10.10.4 & 10.10.10.5
  Firewall Default Gateway : 10.10.10.1
  Problem : I am not able Ping Firewall IPs from Nexus Switches. When I checked ARP table in Nexus Switch; I have observed that Firealls two IPs having same MAC address; when I checked that MAC address in the Firewall; that MAC address is Port channel interface MAC address.
  This is issue (two IPs learing same MAC address) from ASA.
  How to fix this issue ?
  Thanks
  Venkat

  Hi,
  What version of IOS are you running on the ASAs?
  see table-12-3 in this link:
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/interface_start.html
  Also, since the 4500x are in VSS mode, you need to bundle one link from each switch and use LACP.
  HTH

• ASA5550 port channel configuration ERROR: nameif not allowed on empty etherchannel interface

  Hi All,
  I am having problem when configure port channel on asa5550 
  IOS ver asa914-k8.bin also in ver 9.02   and 8.47.
  Please let me know how can I solve this problem.
  UK-LON-FW(config)# int port-channel 3
  UK-LON-FW(config-if)# vlan 245
                         ^
  ERROR: % Invalid input detected at '^' marker.
  UK-LON-FW(config-if)# nameif secure
  ERROR: nameif not allowed on empty etherchannel interface.
  UK-LON-FW(config-if)#
  here is my interfaces configuration:
  interface GigabitEthernet0/0
  description fw1:G0/0 to uk-lon-gw1:e1/8 fw2:G0/0 to uk-lon-gw2:e1/9 outside zone
  channel-group 1 mode on
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/1
  description fw1:G0/1 to uk-lon-gw2:e1/8 fw2:G0/1 to uk-lon-gw1:e1/9 outside zone
  channel-group 1 mode on
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/2
  description fw1:G0/2 to uk-lon-sw1a:1 fw2:G0/2 to uk-lon-sw1a:2 dmz
  channel-group 2 mode on
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/3
  description fw1:G0/3 to uk-lon-sw1b: fw2:G0/3 to uk-lon-sw1b:2 dmz
  channel-group 2 mode on
  no nameif   
  no security-level
  no ip address
  interface Management0/0
  management-only
  nameif management
  security-level 0
  ip address 10.10.51.18 255.255.254.0
  interface GigabitEthernet1/0
  description fw1:G1/0 to uk-lon-sw1a:3 fw2:G1/0 to uk-lon-sw1a:4 secure zone
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet1/1
  description fw1:G1/1 to uk-lon-sw1b:3 fw2:G1/1 to uk-lon-sw1b:4 secure zone
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet1/2
  description LAN Failover Interface
  no nameif   
  no security-level
  no ip address
  interface GigabitEthernet1/3
  description STATE Failover Interface
  no nameif
  no security-level
  no ip address
  interface Port-channel1
  description outside zone
  no nameif
  no security-level
  no ip address
  interface Port-channel1.5
  description outside zone Bundle FW:G0/0-G0/1 connect to GW1:e1/8-GW2:e1/8
  vlan 5
  nameif outside
  security-level 0
  ip address 216.239.105.5 255.255.255.128 standby 216.239.105.6
  interface Port-channel2
  description dmz Bunlde uk-lon-fw:G0/2-3 to sw1a:1-2 sw1b:1-2
  no nameif
  no security-level
  no ip address
  interface Port-channel2.105
  description dmz
  vlan 105
  nameif dmz
  security-level 50
  ip address 216.239.105.193 255.255.255.192 standby 216.239.105.194
  interface Port-channel3
  description secure zone Bunlde uk-lon-fw:G1/0-1 to sw1a:3-3 sw1b:3-4
  no nameif
  security-level 100
  ip address 10.254.105.1 255.255.255.0 standby 10.254.105.2
  UK-LON-FW(config-if)# 

  Hi Marvin,
  Thank you for your answer.  I did everything but it did not work. Turn out it is a bug ver 8.45 will let you created the sub logical interface but actually it did not work right.  Verson 9.x  doesn't let you create more than 2 port channel (limitation of ASA5550 hardware).
  https://tools.cisco.com/bugsearch/bug/CSCtq62715/?reffering_site=dumpcr 
  Also, you can see the 8.4 release notes were you can see that it is not supported:
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/release/notes/asarn84.html#pgfId-522232
  Interface Features
  EtherChannel support (ASA 5510 and higher)
  You can configure up to 48 802.3ad EtherChannels of eight active interfaces each.
  Note You cannot use interfaces on the 4GE SSM, including the integrated 4GE SSM in slot 1 on the ASA 5550, as part of an EtherChannel.
  We introduced the following commands: channel-group , lacp port-priority , interface port-channel , lacp max-bundle , port-channel min-bundle , port-channel load-balance , lacp system-priority , clear lacp counters , show lacp , show port-channel .

• Create port channel between UCS-FI and MDS 9124 (F Mode)

  Dear Team,
  We were trying to create  port channel between UCS FI and MDS 9124
  But the port channel not getting active in F mode on MDS 9124
  FI is in FC End Host Mode
  We have enabled FC uplink trunking on FI
  We have enabled NPIV on MDS
  We have enabled trunk on MDS
  FI and MDS in default VSAN
  To check we changed the FI mode to FC Switching mode and port channels became active but in E mode
  when we enabled FC uplink trunking on FI and FC Switching mode port channels became active in TE mode
  but in both the above cases showflogi database shows WWPN of SAN alone not showing any from FI.
  How to achive this?
  Have read that no need to change the swicthing mode to FC Switching mode and keep as FC Endhost mode
  SO how to achieve Port channel with F mode in MDS and FI ( Mode showing as NProxy)
  Does it has to do anything with MDS NX-OS version? (https://supportforums.cisco.com/thread/2179129)
  If yes how to upgrade as license for ports came along with Device and we do not have any PAC/PAK or license file as it came
  with license
  Also we have seen 2 files availabe for download (m9100-s2ek9-kickstart-mz.5.2.8b.bin and m9100-s2ek9-mz.5.2.8b.bin) which to use
  Thanks and Regards
  Jose

  Hi Jo Bo,
  what version of software if your MDS running?
  On your UCS do connect nxos and show inteface brieft and look at the mac address.
  it is possible that you might be hitting the bug below. if this is the case you might need to upgrade the firmware on your MDS.
  Add MAC OUI "002a6a", "8c604f", "00defb" for 5k/UCS-FI
  http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCty04686
  Symptom:
  Nexus switch unable to connect any other Nexus or other Cisco Switch in NPV mode with a F port-channel.   Issue might be seen in earlier 5.1 releases like
  5.1.3.N1.1a
  but not the latest
  5.1.3.N2.1c
  release. Issue is also seen in
  5.2(1)N1(1)
  and
  6.0(2)N1(1)
  and later releases.
  Conditions:
  Nexus configured for SAN PortChannels or NPIV trunking mode Nexus connected to UCS via regular F port channel where UCS in NPV mode  NPV edge switch: Port WWN OUI from UCS FI  or other Cisco manufactured switch:  xx:xx:00:2a:6a:xx:xx:xx   OR  xx:xx:8c:60:4f:xx:xx:xx
  Workaround:
  Turn-off trunking mode on Nexus 5k TF-port Issue does not happen with standard  F-PORT Remove SAN Portchannel config
  Further Problem Description:
  To verify the issue please collect  show flogi internal event-history errors  Each time the port is attempted OLS, NOS, LRR counters will increment. This can be determined via the following output,  show port internal info all show port internal event-history errors

• Nexus 1010v interfaces, port-channel, Catalyst 6500E VSS

  I'm installing a pair of 1010v-X appliances using flexible network option 5 on version 4.2(1)SP1(5.1).
  I have all interfaces grouped into a single port channel 6.  All interfaces uplink to a pair of Catalyst 6506Es in a VSS (Sup2T).
  My question relates to the VSS configuration.
  For example, do I set up one port-channel on the VSS and put all 12 interfaces in it? Or, do I set up two port-channels on the VSS and put the active 1010v-X in one port-channel and the standby into another port-channel?
  Do I set dot1q trunking up on the port-channel(s) on the VSS?
  Thanks.

  Hi,
  What version of IOS are you running on the ASAs?
  see table-12-3 in this link:
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/interface_start.html
  Also, since the 4500x are in VSS mode, you need to bundle one link from each switch and use LACP.
  HTH

• ASA5580 port channel to 6509 VSS

  Hi All,
  I hope this is the correct location for this.
  Anyway, here's the situation I'm trying to configure several VLANs on my ASA to uniquely allocate to contexts, the VLANs will be trunked from my VSS.
  Unfortunately I'm not clear on how to achieve this, the configuration guide for 8.4 talks about multiple contexts and routed setups all which don't appear to apply exactly. I've configured the port channel at both ends and I've configured sub-interfaces on the port channel and assigned VLAN IDs. These sub-interfaces are then allocated to the contexts to set 'ip address' etc. I've not been able to successfully test this configuration and I am concerned that it is incorrect..
  If anyone has any advice or suggestions I would be grateful?
  Many thanks.

  Well the good news is that I have been able to test my configuration.
  Using an infrequently utilised VLAN I disabled the current interface and brought up an allocated port on the new ASA which I successfully pinged the subinterface ip of (configured via a context of the ASA). The complication was using the correct VRF as the source! 
  All is good ready for the cut-over.
  Regards.

• SG-300 52p POE and the case of Native vlan forgotten on a Port-channel

  Hi
  We have recently changed our access switched to Cisco Small Business SG-300 52p on which is working firmware
  SW version    1.3.5.58
  We found out a very annoying problem on Port-channel and default vlan topic.
  Our switch have a default vlan diffrent to the vlan 1 that depends on the floor they are, and this native vlan is at first defined on the portchannel of our central switch, a Cisco 3750
  Example of a central switch port-channel with a define native vlan:
  interface Port-channel2
  description TO 1F
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 6
  switchport trunk allowed vlan 4-6,11,13
  switchport mode trunk
  on the SG300 side the configuration is this:
  interface Port-channel2
  description 1F
  switchport trunk allowed vlan add 4-5,11,13
  !next command is internal.
  macro auto smartport dynamic_type switch
  As you can see there is no "switchport trunk native vlan 6" simply because the SG300 once i write it on the command line, it accepts the command but the command sentence is not written on the conf (why?!)
  the result is that everytime the SG300 is restarted on the port-channel i got two AUTO CREATED commands on the configuration "
  switchport trunk native vlan 1
  switchport default-vlan tagged
  that let not work the network on that floor until i manually write on the SG300
  no switchport default-vlan tagged
  switchport trunk native vlan 6
  These command, as said, works once i write them but are not viewed on a "sh run" and so saved on the conf so every time SG 300 is restarted i need to re-write them.
  Is this a bug?
  have i made some mistake?
  Please let me know
  regards
  Pietro

  Figure out!
  the problem was on macro i have to write this:
  macro auto processing type switch disabled
  and then everything starts going as it should be
  Regards
  Pietro

• Port-channel problem with WiSM

  Has anybody met following similar problem:
  I put WiSM into slot 3(also tried slot 6) of 6506(sup720-3B, s72033-adventerprisek9_wan-mz.122-33.SXH.bin), using following command to setup the port-channel:
  interface Port-channel1
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 5
  switchport trunk allowed vlan 1-1000
  switchport mode trunk
  int range g3/1-4
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 5
  switchport trunk allowed vlan 1-1000
  switchport mode trunk
  channel-group 1 mode on
  I can use "session slot 3 pro 1" to login to the WiSM, but can't ping WiSM's management IP address from 6506, then I find the port-channel has problem, only G3/1 is up and included in the channel, G3/2-4 are up but line protocol is down, then I found from the log that: "AESUT: %EC-SP-5-CANNOT_BUNDLE2: Gi3/2 is not compatible with Gi3/1 and will be suspended (qos-card type unavailable for Gi3/2 or Gi3/1)". It says those GE port are not compatible for qos-card type, but I checked the configuration, all GE using the same configuration. Don't know why, maybe a bug? Appreciate for any feedback

  I have the same problem, but it has something to do with QoS. When you disable "mls qos" on the switch, the port-channel will function normal again.
  It doesn't help when you configure "mls qos trust dscp" on the port-channel!!!!!

• Port-channel on ASA5520

  So everything I've read on Cisco's documentation here: http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1329030 says that I can create a port-channel on two physical interfaces that will uplink to a VSS pair.  However, the command is not recognized.  What am I missing? I've tried executing "channel-group #" on the physical interface and tried creating the port-channel 1st and neither commands exist.  I haven't seen it listed anywhere if it is only available after a specific piece of ASA software.  If it is the software would someone know what version at a minimum I need to upgrade to?  Below is an output from a show version
  Cisco Adaptive Security Appliance Software Version 8.0(4)
  Device Manager Version 6.1(3)
  Compiled on Thu 07-Aug-08 20:53 by builders
  System image file is "disk0:/asa804-k8.bin"
  Config file at boot was "startup-config"
  ########### up 43 days 23 hours
  Hardware:  ASA5520, 2048 MB RAM, CPU Pentium 4 Celeron 2000 MHz
  Internal ATA Compact Flash, 256MB
  BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
  Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)                            
  Boot microcode  : CN1000-MC-BOOT-2.00                            
  SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03                            
  IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05

  Hi,
  You need software 8.4(1) atleast to be able to configure Port Channel / Etherchannel
  Here is the section from the command reference which states this
  http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/i3.html#wp1932200
  Naturally in your case if you were to upgrade the ASA to 8.4(x) software it would mean that NAT configuration format would be totally different compared to your software version of 8.0.
  - Jouni

• Port Channel Flapping

  Hi guys,
  Would appreciate if you could find out what was going as per below output? I am not sure what they've done. At that time, one onsiteguy replace a new switch(2950C workgroup) and power on hub(connected to coreswitch). The 2 Vlans segment have changed to listen state(notice the subnet). I couldn't check on the switch because they've power down switch and hub at the same time. The problem has been rectified. I am not sure whether the hub caused the problem or the switch.
  Also the port-channel interface was up and running during the problem occurred
  Aug 31 12:27:13: %C4K_EBM-4-HOSTFLAPPING: Host 00:11:21:F9:4A:3F in vlan 2 is fl
  apping between port Gi3/44 and port Po2
  Aug 31 12:27:13: %C4K_EBM-4-HOSTFLAPPING: Host 00:11:21:F9:4A:3F in vlan 200 is
  flapping between port Gi3/9 and port Po2
  Aug 31 12:27:17: IP-EIGRP: Neighbor 10.10.40.77 not on common subnet for Vlan2
  (10.10.47.2 255.255.255.0)
  Aug 31 12:27:26: %C4K_EBM-4-HOSTFLAPPING: Host 00:11:21:F9:4A:3F in vlan 2 is fl
  apping between port Gi3/44 and port Po2
  Aug 31 12:27:27: IP-EIGRP: Neighbor 10.10.47.10 not on common subnet for Vlan20
  0 (10.10.40.23 255.255.252.0)
  Aug 31 12:27:28: %C4K_EBM-4-HOSTFLAPPING: Host 00:11:21:F9:4A:3F in vlan 200 is
  flapping between port Gi3/9 and port Po2
  Aug 31 12:27:34: %STANDBY-3-DIFFVIP1: Vlan200 Group 0 active routers virtual
  IP address 10.10.47.1 is different to the locally configured
  address 10.10.40.1
  Aug 31 12:27:38: IP-EIGRP: Neighbor 10.10.40.23 not on common subnet for Vlan2
  (10.10.47.2 255.255.255.0)
  Aug 31 12:27:43: %C4K_EBM-4-HOSTFLAPPING: Host 00:11:21:F9:4A:3F in vlan 2 is fl
  apping between port Gi3/44 and port Po2
  Aug 31 12:27:46: %C4K_EBM-4-HOSTFLAPPING: Host 00:11:21:F9:4A:3F in vlan 200 is
  flapping between port Gi3/9 and port Po2
  Aug 31 12:27:49: IP-EIGRP: Neighbor 10.10.40.25 not on common subnet for Vlan2
  (10.10.47.2 255.255.255.0)
  Aug 31 12:27:55: %C4K_EBM-4-HOSTFLAPPING: Host 00:11:21:F9:4A:3F in vlan 2 is fl
  apping between port Gi3/44 and port Po2<<<
  Aug 31 12:28:00: IP-EIGRP: Neighbor 10.10.47.10 not on common subnet for Vlan20<<<
  0 (10.10.40.23 255.255.252.0)
  Aug 31 12:28:00: %C4K_EBM-4-HOSTFLAPPING: Host 00:11:21:F9:4A:3F in vlan 200 is
  flapping between port Gi3/9 and port Po2<<<<<<
  Problem when showed the output below
  Coreswitch00#show standby brie
  Interface Grp Prio P State Active addr Standby addr Group addr
  Vl2 0 200 Active local 10.10.40.23 10.10.47.1
  Vl200 0 200 Standby 10.10.47.2 local 10.10.40.1
  Coreswitch01#show standby brie
  P indicates configured to preempt.
  |
  Interface Grp Prio P State Active addr Standby addr Group addr
  Vl2 0 100 Listen 10.10.47.2 10.10.40.23 10.10.47.1
  Vl200 0 100 Listen 10.10.47.2 10.10.40.23 10.10.40.1
  ==============================================================================
  Problem has been rectified. They have power down the hub and workgroup
  Coreswitch00#show standby brie
  P indicates configured to preempt.
  |
  Interface Grp Prio P State Active addr Standby addr Group addr
  Vl2 0 200 Active local 10.10.47.10 10.10.47.1
  Vl200 0 200 Active local 10.10.40.25 10.10.40.1
  Coreswitch01#show standby brie
  P indicates configured to preempt.
  |
  Interface Grp Prio P State Active addr Standby addr Group addr
  Vl2 0 100 Standby 10.10.47.2 local 10.10.47.1
  Vl200 0 100 Standby 10.10.40.23 local 10.10.40.1

  Hi,
  The error messages shows that there was an STP loop or physical layer problem in the n/w. Generally these error messages indicate a possible Layer-2 loop in the n/w. I think there was some redundent link between the Work group switch and the hub due to which a loop was there and hence the Mac-address was seen on two diff ports and reported a host is flapping.
  Please see the link below :
  http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094afd.shtml#t3
  HTH,
  -amit singh

• Nexus 6004: Question about port-profile type port-channel

  I'm setting up a new deployment of Nexus 6004 switches and want to utilize port-profiles as much as possible to simplify management down the road.
  All uplinks to other switches, routers and firewalls will be connected using VPC:s. On the port-channels (vpc) the only thing that will change over time is the allowed vlans.
  It seems that port-profiles of the type port-channel does not behave in the same way as those with type ethernet, at least not when adding vlans.
  If I modify the port-profile using "switchport trunk allowed vlan add XXX" it will delete the previous config and only retain "switchport trunk allowed vlan add XXX", and not merge it with the previous config as is expected. 
  Question: Is this a bug or is it working as intended?
  RH_N6K4_01(config-sync)# switch-profile rh
  Switch-Profile started, Profile ID is 1
  RH_N6K4_01(config-sync-sp)# port-profile type port-channel FIREWALL-UPLINK
  RH_N6K4_01(config-sync-port-prof)# switchport trunk allowed vlan 3
  RH_N6K4_01(config-sync-port-prof)# verify 
  Verification Successful
  RH_N6K4_01(config-sync-sp)# commit
  Verification successful...
  Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.
  Please avoid other configuration changes during this time.
  Commit Successful
  RH_N6K4_01(config-sync)# show port-profile 
  SHOW PORT_PROFILE
  port-profile FIREWALL-UPLINK
   type: Port-channel
   description: 
   status: enabled
   max-ports: 512
   inherit: 
   config attributes:
    switchport mode trunk
    switchport trunk allowed vlan 3
   evaluated config attributes:
    switchport mode trunk
    switchport trunk allowed vlan 3
   assigned interfaces:
  ===================================
  RH_N6K4_01(config-sync-sp)# port-profile type port-channel FIREWALL-UPLINK
  RH_N6K4_01(config-sync-port-prof)# switchport trunk allowed vlan add 84
  RH_N6K4_01(config-sync-port-prof)# verify 
  Verification Successful
  RH_N6K4_01(config-sync-sp)# commit 
  Verification successful...
  Proceeding to apply configuration. This might take a while depending on amount of configuration in buffer.
  Please avoid other configuration changes during this time.
  Commit Successful
  RH_N6K4_01(config-sync)# show port-profile 
  SHOW PORT_PROFILE
  port-profile FIREWALL-UPLINK
   type: Port-channel
   description: 
   status: enabled
   max-ports: 512
   inherit: 
   config attributes:
    switchport mode trunk
    switchport trunk allowed vlan add 84
   evaluated config attributes:
    switchport mode trunk
    switchport trunk allowed vlan add 84
   assigned interfaces:
  Expected behavior here would be "switchport trunk allowed vlan 3,84". This only occurs when using "port-profile type port-channel" not when using "port-profile type ethernet"

  <> is template syntax and is generally the type of object a container holds..   So it is defining that the MSGQUEUE type is a deque holding struct_buffer*'s.