EAPS Warning: Received Health-Pdu from another Master


Userlevel 2
We have a setup with 3 EAPS domains, one of the domains we had to replace the stack master today, once that was done, the following message is showing up once a second on that stack:

05/31/2015 13:06:49.85 Slot-1: EAPSD IDF01 - Received Health-Pdu from another Master (02:04:96:8F:95:E2) on the same domain.[/code]
Slot 1 used to be the master, it is currently the backup on that stack. Could that be causing that error message?

Everything looks fine from an EAPS standpoint, and its been an hour with no other errors other than that warning, I'm just not a fan of unknown warning messages spamming my logs.

This is the 'sh eaps' output from the stack in question:
Slot-2 IDF01.4 # sh eaps idf01
Name: IDF01 Priority: Normal
State: Complete Running: Yes
Enabled: Yes Mode: Master
Primary port: 6:53 Port status: Up Tag status: Tagged
Secondary port: 1:53 Port status: Blocked Tag status: Tagged
Hello Egress Port: Primary
Hello timer interval: 1 sec 0 millisec
Fail timer interval: 3 sec 0 millisec
Fail Timer expiry action: Send alert
Last update: From Master Id 02:04:96:8f:95:e2, at Sun May 31 13:14:58 2015
EAPS Domain has following Controller Vlan:
Vlan Name VID
c1 101
EAPS Domain has following Protected Vlan(s):
Vlan Name VID
HR 30
IT 17
LC 170
QA 19
ENG 18
MFG 21
CONF 23
FLEX 70
VOIP 80
WIFI 12
PRINT 16
OFFICE 22
REPAIR 60
APPSENG 20
CONFDMZ 24
WIFIDMZ 26
SecurityCameras 117
Number of Protected Vlans: 17[/code]

5 replies

Userlevel 4
Trace the MAC address of the stack I'm warning message is it of the same stack ?
Userlevel 5
This error only occurs when you have configured more than a single Master within an EAPS domain. You can run: the show eaps command to see a summary of your EAPS domains, If you have another Master you should see the following output:
-----------------------------------------------------------------------
Domain State Mo En Pri Sec Control-Vlan VID Count Prio
-----------------------------------------------------------------------
dom01 Init [f] M Y 1 2 c1_vlan (100 ) 1 N
-----------------------------------------------------------------------[/code]Furthermore, an error will be logged every every time a participating nodes receives a second hello packet. Your EAPS domain will remain in the Initialization state with [Fail timer expired] until you disable the rogue Master and disable it.

In your case, that rogue Master is 02:04:96:8F:95:E2 if the switch that's currently logging this error is the known master. You can then check your forwarding database to see the what switch in your network or within your stack that MAC belongs to.
Userlevel 2
Kawawa wrote:

This error only occurs when you have configured more than a single Master within an EAPS domain. You can run: the show eaps command to see a summary of your EAPS domains, If you have another Master you should see the following output:
-----------------------------------------------------------------------
Domain State Mo En Pri Sec Control-Vlan VID Count Prio
-----------------------------------------------------------------------
dom01 Init [f] M Y 1 2 c1_vlan (100 ) 1 N
-----------------------------------------------------------------------[/code]Furthermore, an error will be logged every every time a participating nodes receives a second hello packet. Your EAPS domain will remain in the Initialization state with [Fail timer expired] until you disable the rogue Master and disable it.

In your case, that rogue Master is 02:04:96:8F:95:E2 if the switch that's currently logging this error is the known master. You can then check your forwarding database to see the what switch in your network or within your stack that MAC belongs to.

02:04:96:8F:95:E2 is a non-EAPS VLAN ip address on slot 1 of the IDF01 stack. We use a separate copper drop for SNMP monitoring. VLAN Interface with name NMS created by user Admin State: Enabled Tagging: 802.1Q Tag 4094 Description: None Virtual router: VR-Default IPv4 Forwarding: Disabled IPv4 MC Forwarding: Disabled Primary IP: 172.16.25.13/24 IPv6 Forwarding: Disabled IPv6 MC Forwarding: Disabled IPv6: None STPD: None Protocol: Match all unfiltered protocols Loopback: Disabled NetLogin: Disabled OpenFlow: Disabled TRILL: Disabled QosProfile: None configured Egress Rate Limit Designated Port: None configured Flood Rate Limit QosProfile: None configured Ports: 3. (Number of active ports=2) Untag: *1:49, *6:51, 6:52 Stack Topology is a Ring Node MAC Address Slot Stack State Role Flags ------------------ ---- ----------- ------- --- *00:04:96:8f:96:3f 2 Active Master CA- 00:04:96:8f:96:5a 3 Active Standby CA- 00:04:96:8f:d2:4f 4 Active Standby CA- 00:04:96:8f:96:40 5 Active Standby CA- 00:04:96:8f:96:4f 6 Active Standby CA- 00:04:96:8f:b3:1e 1 Active Backup CA- * - Indicates this node Flags: (C) Candidate for this active topology, (A) Active Node (O) node may be in Other active topology The stack has 2x10GB fiber top and bottom that are the EAPS ports, 1:53 secondary, 6:53 primary. Slot 1 in this stack has a copper Gbic in port 1:49 untagged in the NMS vlan which is not protected via EAPS or the control vlan. This is the same exact configuration we had prior to the top of stack switch changeout we did this weekend. The only difference in the stack right now is that slot 1 is the backup and slot 2 is the master. (And the same configuration on our other two EAPS domains) Why would a non-EAPS, non-control vlan be advertising EAPS information, and what can I do to fix that?
[/code]
Userlevel 2
02:04:96:8F:95:E2 is a non-EAPS VLAN ip address on slot 1 of the IDF01 stack. We use a separate copper drop for SNMP monitoring.
VLAN Interface with name NMS created by user
Admin State: Enabled Tagging: 802.1Q Tag 4094
Description: None
Virtual router: VR-Default
IPv4 Forwarding: Disabled
IPv4 MC Forwarding: Disabled
Primary IP: 172.16.25.13/24
IPv6 Forwarding: Disabled
IPv6 MC Forwarding: Disabled
IPv6: None
STPD: None
Protocol: Match all unfiltered protocols
Loopback: Disabled
NetLogin: Disabled
OpenFlow: Disabled
TRILL: Disabled
QosProfile: None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile: None configured
Ports: 3. (Number of active ports=2)
Untag: *1:49, *6:51, 6:52

Stack Topology is a Ring
Node MAC Address Slot Stack State Role Flags
------------------ ---- ----------- ------- ---
*00:04:96:8f:96:3f 2 Active Master CA-
00:04:96:8f:96:5a 3 Active Standby CA-
00:04:96:8f:d2:4f 4 Active Standby CA-
00:04:96:8f:96:40 5 Active Standby CA-
00:04:96:8f:96:4f 6 Active Standby CA-
00:04:96:8f:b3:1e 1 Active Backup CA-
* - Indicates this node
Flags: (C) Candidate for this active topology, (A) Active Node
(O) node may be in Other active topology[/code]

The stack has 2x10GB fiber top and bottom that are the EAPS ports, 1:53 secondary, 6:53 primary.

Slot 1 in this stack has a copper Gbic in port 1:49 untagged in the NMS vlan which is not protected via EAPS or the control vlan.
This is the same exact configuration we had prior to the top of stack switch changeout we did this weekend. The only difference in the stack right now is that slot 1 is the backup and slot 2 is the master. (And the same configuration on our other two EAPS domains)

Why would a non-EAPS, non-control vlan be advertising EAPS information, and what can I do to fix that?
Userlevel 6
When you create a stack the stack will use a mac address 02:04:96.xxx which is in fact just the masters mac address starting with 02 instead of 00. This is the stack mac address which will stay the same even if the backup takes over from the master or if the master slot is removed.
However for this to work the stack mac address must be configured right and sometimes when adding nodes to a stack this must be re-configured on these new stack units.
I think the new master slot did not have the stack mac address configured so when the backup slot took over the stack started using a different mac address. The other switches in the ring detected the eaps master changed its mac address and started to log this event.
To correct this from happening again you must ensure the stack mac address is configured right.
You can do this using the command "configure stacking mac-addresss"

http://documentation.extremenetworks.com/exos_commands/EXOS_All/EXOS_Commands_All/r_configure-stacki...

Reply