This document explains how the Source MAC address field in Spanning Tree Protocol (STP) control packets is populated on Nexus Series Switches.
Contributed by Nikolay Kartashev, Jun Wang, Cisco TAC Engineers.
Cisco recommends that you have knowledge of these topics:
Virtual port channels (vPC) on Nexus Series Switches
The information in this document is based on the Nexus 7000 Series Switch platform.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
vPC allows links that are physically connected to two different Cisco Nexus 7000 Series devices to appear as a single port channel to a third device. The third device can be a switch, server, or any other network device that supports link aggregation technology.
Similar to Cisco Catalyst Series Switches, Cisco Nexus Series Switches use STP to build a logical loop-free topology for Ethernet networks.
Since vPC belongs to the Multichassis EtherChannel (MCEC) family of technologies, the Source MAC address field of STP control packets, also known as Bridge Protocol Data Units (BPDUs), requires special handling to properly represent the vPC domain as a single switch.
Here is a reminder of the typical BPDU structure, where the Source Address field is the focus of this document's discussion, as shown in the image.
Cisco Nexus Series Switches use a virtual MAC address in the Source MAC address field of BPDUs sent out virtual port channel interfaces. This MAC address is the same for both vPC peers. This ensures consistent and seamless behaviour in vPC failover scenarios.
When you troubleshoot STP in a vPC network environment, there is often confusion caused by the fact that Nexus Series Switches might use other vendors' MAC addresses in the Source MAC address field of some originated BPDUs. These sections explain the reason behind this, and compare this behaviour among different Nexus Series platforms.
Consider an example where a pair of Nexus 7000 Series Switches form a vPC domain and have connections to a couple of access switches. One access switch is connected to the vPC domain via a vPC orphan port and another access switch is connected via a virtual port channel interface. Both the vPC orphan port and the virtual port channel are configured as Layer 2 trunk interfaces, as shown in the image.
In this example, while the vPC interface carries vPC-enabled VLANs only, the vPC orphan port trunks both vPC-enabled and non-vPC-enabled VLANs.
Here is the configuration of vPC interface on first Nexus 7000 Series Switch. Second Nexus 7000 Series Switch has identical configuration.
Note: Use of port MAC address as the Source MAC address field in outgoing BPDUs is the default behaviour on Cisco Nexus Series Switch and Cisco Catalyst Series Switch platforms.
STP on vPC
Source MAC address of BPDUs sent out virtual port channels by Nexus Series Switches is constructed in this way:
vPC BPDU Source MAC address = 0026.fxxx.0000
where xxx is vPC port channel number.
For example, this packet capture shows value 0x03c in vPC port channel number position, which translates to decimal value of 60. This is the number of virtual port channel configured on Nexus 7000 Series Switches.
However, checks for Organizationally Unique Identifier (OUI) of Source MAC address 00:26:f0:3c:00:00 show that this MAC address is part of the range allocated to cTrixs International GmbH organization.
Note: Non-vPC Port Channel interfaces get MAC address from the first operational interface. Source MAC address field of outgoing BPDUs uses Port Channel interface MAC address.
Change of Behaviour
Starting from 5.2(1)N1(9), 7.1(4)N1(1) for Nexus 5000 Series Switches, Cisco allocates a range of MAC addresses from 0026.0bf1.f000 to 0026.0bf2.2ffff to be used by NX-OS for Source MAC address in BPDUs sent on Virtual Port-Channel interfaces.
vPC BPDU Source MAC address = 0026.0bf1.fxxx
where xxx is vPC port channel number.
With introduced changes, Source MAC address of originated BPDUs sent out virtual port channel 60 on Nexus 5000 Series Switches would be 00:26:0b:f1:f0:3c, which has OUI of Cisco Systems, Inc.
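When reading a capture, the two address layouts described above can be decoded back to the vPC port channel number. The following is an added example, not Cisco code: the function names and the sample MAC list are constructed for illustration, and it matches only the two patterns stated in this document.

```python
import re
from collections import defaultdict

# The two layouts given in this document, separators removed.
LEGACY = re.compile(r"0026f([0-9a-f]{3})0000")    # 0026.fxxx.0000
VERSION2 = re.compile(r"00260bf1f([0-9a-f]{3})")  # 0026.0bf1.fxxx


def classify_bpdu_source(mac):
    """Return (scheme, vpc_port_channel) for one BPDU source MAC."""
    digits = re.sub(r"[.:\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    for scheme, pattern in (("legacy", LEGACY), ("version2", VERSION2)):
        m = pattern.fullmatch(digits)
        if m:
            return scheme, int(m.group(1), 16)  # xxx is hexadecimal
    return "other", None


def vpc_bpdu_source(port_channel, version2=False):
    """Build the vPC BPDU source MAC expected for a port channel number."""
    if not 0 <= port_channel <= 0xFFF:
        raise ValueError("port channel number does not fit in xxx")
    xxx = f"{port_channel:03x}"
    return f"0026.0bf1.f{xxx}" if version2 else f"0026.f{xxx}.0000"


def mixed_scheme_port_channels(macs):
    """Port channel numbers observed with both layouts in one set of MACs."""
    seen = defaultdict(set)
    for mac in macs:
        scheme, number = classify_bpdu_source(mac)
        if number is not None:
            seen[number].add(scheme)
    return sorted(n for n, schemes in seen.items() if len(schemes) > 1)


# Constructed sample: source MACs as they might be read from a capture.
SAMPLE = ["00:26:f0:3c:00:00", "00:26:0b:f1:f0:3c",
          "0026.f00a.0000", "02:00:00:00:00:01"]

if __name__ == "__main__":
    for mac in SAMPLE:
        print(mac, classify_bpdu_source(mac))
    print("mixed:", mixed_scheme_port_channels(SAMPLE))
```

A port channel number reported by `mixed_scheme_port_channels` means BPDUs for the same vPC were seen with both source address layouts.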
Default behaviour is not changed for Nexus 7000 and Nexus 9000 Series Switches. However, starting from 6.1(3) for Nexus 7000 and 7.0(3)I6(2), 7.0(3)I7(2) for Nexus 9000, you can use this command in vPC domain configuration mode to perform this change.
Nexus7000-1(config-vpc-domain)# mac-address bpdu source version 2
This warning message is displayed to inform you of the impact this configuration command has.
Warning: This command will trigger STP to use new Cisco MAC address (00:26:0b:xx:xx:xx) as the sources address of BPDU generated on vPC ports. It is important both vPC peer devices have identical configuration of this parameter. You may also disable Ether channel guard on the edge devices prior to issuing this command to minimize traffic disruption due STP inconsistencies. It is recommended to re-enable the Ether channel guard after updating the related configuration on both peers. Continue? (yes/no) [no]
There is currently no verification procedure available for this configuration.
There is currently no specific troubleshooting information available for this configuration.
STP PDUs are not used by the MAC address learning mechanism on Cisco switches, hence the use of a non-Cisco Source MAC address does not have a negative impact on day-to-day Layer 2 network operations. However, to comply with standards, self-originated BPDUs should have the Source MAC address field populated from an allocated range of MAC addresses. Cisco Nexus Series Switches provide such compliance in Cisco NX-OS Software with the change of default setting for Nexus 5000 Series Switches and Nexus 9000 Series Switches, and with the provision of the command line configuration option on Nexus 7000 Series Switches.