EAPS Warning: Received Health-Pdu from another Master

  • 0
  • 1
  • Problem
  • Updated 3 years ago
  • Solved
We have a setup with 3 EAPS domains, one of the domains we had to replace the stack master today, once that was done, the following message is showing up once a second on that stack: 

05/31/2015 13:06:49.85 <Warn:EAPS.RxAnotherMaster> Slot-1: EAPSD IDF01 - Received Health-Pdu from another Master (02:04:96:8F:95:E2) on the same domain.

Slot 1 used to be the master, it is currently the backup on that stack.  Could that be causing that error message?

Everything looks fine from an EAPS standpoint, and its been an hour with no other errors other than that warning, I'm just not a fan of unknown warning messages spamming my logs.

This is the 'sh eaps' output from the stack in question: 
Slot-2 IDF01.4 # sh eaps idf01
  Name: IDF01                                   Priority: Normal
  State: Complete                               Running: Yes
  Enabled: Yes    Mode: Master
  Primary port:   6:53          Port status: Up Tag status: Tagged
  Secondary port: 1:53          Port status: Blocked    Tag status: Tagged
  Hello Egress Port: Primary
  Hello timer interval: 1  sec  0  millisec
  Fail timer interval:  3  sec  0  millisec
  Fail Timer expiry action: Send alert
  Last update: From Master Id 02:04:96:8f:95:e2, at Sun May 31 13:14:58 2015
  EAPS Domain has following Controller Vlan:
    Vlan Name                    VID
    c1                           101
  EAPS Domain has following Protected Vlan(s):
    Vlan Name                    VID
    HR                           30
    IT                           17
    LC                           170
    QA                           19
    ENG                          18
    MFG                          21
    CONF                         23
    FLEX                         70
    VOIP                         80
    WIFI                         12
    PRINT                        16
    OFFICE                       22
    REPAIR                       60
    APPSENG                      20
    CONFDMZ                      24
    WIFIDMZ                      26
    SecurityCameras              117
  Number of Protected Vlans: 17
Photo of Ron Prague

Ron Prague

  • 742 Points 500 badge 2x thumb

Posted 3 years ago

  • 0
  • 1


  • 4,382 Points 4k badge 2x thumb
Trace the MAC address of the stack I'm warning message is it of the same stack ?
Photo of Kawawa

Kawawa, GTAC

  • 3,292 Points 3k badge 2x thumb
This error only occurs when you have configured more than a single Master within an EAPS domain.  You can run: the show eaps command to see a summary of your EAPS domains, If you have another Master you should see the following output:
Domain  State   Mo  En  Pri    Sec    Control-Vlan VID   Count Prio
dom01   Init [F] M   Y    1      2     c1_vlan      (100 ) 1     N
Furthermore, an error will be logged every every time a participating nodes receives a second hello packet.  Your EAPS domain will remain in the Initialization state with [Fail timer expired] until you disable the rogue Master and disable it.

In your case, that rogue Master is 02:04:96:8F:95:E2 if the switch that's currently logging this error is the known master.  You can then check your forwarding database to see the what switch in your network or within your stack that MAC belongs to.
Photo of Ron Prague

Ron Prague

  • 742 Points 500 badge 2x thumb
02:04:96:8F:95:E2 is a non-EAPS VLAN ip address on slot 1 of the IDF01 stack.  We use a separate copper drop for SNMP monitoring.
VLAN Interface with name NMS created by user
    Admin State:         Enabled     Tagging:   802.1Q Tag 4094
    Description:         None
    Virtual router:      VR-Default
    IPv4 Forwarding:     Disabled
    IPv4 MC Forwarding:  Disabled
    Primary IP:
    IPv6 Forwarding:     Disabled
    IPv6 MC Forwarding:  Disabled
    IPv6:                None
    STPD:                None
    Protocol:            Match all unfiltered protocols
    Loopback:            Disabled
    NetLogin:            Disabled
    OpenFlow:            Disabled
    TRILL:               Disabled
    QosProfile:          None configured
    Egress Rate Limit Designated Port: None configured
    Flood Rate Limit QosProfile:       None configured
    Ports:   3.           (Number of active ports=2)
       Untag:   *1:49,  *6:51,   6:52
Stack Topology is a Ring
Node MAC Address    Slot  Stack State  Role     Flags
------------------  ----  -----------  -------  ---
*00:04:96:8f:96:3f  2     Active       Master   CA-
 00:04:96:8f:96:5a  3     Active       Standby  CA-
 00:04:96:8f:d2:4f  4     Active       Standby  CA-
 00:04:96:8f:96:40  5     Active       Standby  CA-
 00:04:96:8f:96:4f  6     Active       Standby  CA-
 00:04:96:8f:b3:1e  1     Active       Backup   CA-
* - Indicates this node
Flags:  (C) Candidate for this active topology, (A) Active Node
        (O) node may be in Other active topology

The stack has 2x10GB fiber top and bottom that are the EAPS ports, 1:53 secondary, 6:53 primary.

Slot 1 in this stack has a copper Gbic in port 1:49 untagged in the NMS vlan which is not protected via EAPS or the control vlan.
This is the same exact configuration we had prior to the top of stack switch changeout we did this weekend.  The only difference in the stack right now is that slot 1 is the backup and slot 2 is the master. (And the same configuration on our other two EAPS domains)

Why would a non-EAPS, non-control vlan be advertising EAPS information, and what can I do to fix that?
Photo of OscarK

OscarK, ESE

  • 7,912 Points 5k badge 2x thumb
When you create a stack the stack will use a mac address 02:04:96.xxx which is in fact just the masters mac address starting with 02 instead of 00. This is the stack mac address which will stay the same even if the backup takes over from the master or if the master slot is removed.
However for this to work the stack mac address must be configured right and sometimes when adding nodes to a stack this must be re-configured on these new stack units.
I think the new master slot did not have the stack mac address configured so when the backup slot took over the stack started using a different mac address. The other switches in the ring detected the eaps master   changed its mac address and started to log this event.
To correct this from happening again you must ensure the stack mac address is configured right.
You can do this using the command "configure stacking mac-addresss"