MAC flapping

Hi,
I have a problem with MAC flapping on one of my switches. I didn't setup that environment and I founded that recently. I think person which was in company before made there mistake with configuration.
Below here is a picture how it is connected. Basically from server to switch there is 2 cables going and they are using the samne VLAN.
On the picture I pasted config of switchports and output from syslog.
What I'm thinking is to make this two switchport in one EtherChannel using channel-group command. What do You think ??
Best Regards, Jacek

Well, I think that etherchannel with "mode on" should work in this kind of environment...give it a try. Also, check on this link if everything about bonding is OK with your linux:
http://www.charleshooper.net/blog/link-aggregation-on-a-redhat-centos-server-and-a-cisco-catalyst-switch
It's for CentOS but I suppose it's similar for every other Linux...
I suppose you know how to configure etherchannel on Cisco side...
HTH,
Dragan

Similar Messages

Large amount of traffic with 152x mesh and mac-flap

We have just had a Mesh designed by an external company, and when we plugged it in we began have large numbers of mac-flap notification and more than 700mb of traffic sent across our data network.
Our setup includes 2 5508 controllers and 9 152x APs
3 APs (RAP) with their 5.8 antennas are within close proximity on a vertical pole pointing to the other 6 about 1000mtrs away in an arc. With their ethernet ports plugged into the same switch (native vlan 111) as WLC1 (which is LAG'd to two ports)
Vlan 111 for management of Mesh
Vlan 201 for WLAN
DHCP scope on DC on Vlan 100 (helper address from router)
Q, will the closeness of the 5.8 antennas cause any problems with mac-flap or is likely to be the controllers with their LAG connections or something totally different?
Thanks for any help

Andrew,
the proximity of the antennas shouldn't cause the mac-flap notification, nor should the LAG connection cause this. That's more and indication that the client is flopping between ports on the switch, which generally happens when you are not configured for LAG on the WLC, nor a port-channel on the switch.
the mac address that is being reported in the mac-flap. Is it a client or is it the MAPs?
If it's one of hte MAPs, you may want to check the antennas of the RAPs, since the MAPs sholdl stabliaze once AWPP has run and optimized the path to the network. If they are flapping I would look at possible RF or antenna issues.
HTH,
Steve
Please remember to rate helpful posts or to mark the question as answered so that it can be found later.

MAC Flapping Issue

Dear Folks,
I am working with a IT organization as network administrator, at client site we are getting the MAC FLAPPING issue since 1 month, due to that some time it completely down my whole network. Scenario is like that, we are using Ruckus AP and Zone director as a WLAN controller which is directly conecteted with our core switch. Rest of indoor AP's are connected with Distribute and access switch. Now since 1 month we are getting in core switch below mention notification -
#sh log
Log Buffer (8192 bytes):
889842: Nov 18 13:46:37.182 IST: %SYS-5-CONFIG_I: Configured from console by iympladmin on console
889843: 001585: Nov 18 13:47:09.724 IST: %SW_MATM-4-MACFLAP_NOTIF: Host c4d9.879b.cf99 in vlan 13 is flapping between port Gi1/1/4 and port Gi1/1/3 (nhcin-sjp01-2)
889844: Nov 18 13:49:17.806 IST: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/37, changed state to up
889845: Nov 18 13:49:19.818 IST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/37, changed state to up
889846: 001586: Nov 18 14:04:57.394 IST: %SW_MATM-4-MACFLAP_NOTIF: Host c4d9.87aa.d584 in vlan 13 is flapping between port Gi2/0/41 and port Gi2/0/35 (nhcin-sjp01-2)
889847: 001587: Nov 18 14:13:39.784 IST: %SW_MATM-4-MACFLAP_NOTIF: Host 0008.2292.1440 in vlan 12 is flapping between port Gi2/1/2 and port Gi1/1/4 (nhcin-sjp01-2)
889848: 001588: Nov 18 14:15:35.735 IST: %SW_MATM-4-MACFLAP_NOTIF: Host 1c3e.843e.c441 in vlan 13 is flapping between port Gi2/0/41 and port Gi2/0/35 (nhcin-sjp01-2)
889849: Nov 18 14:23:23.346 IST: %SW_MATM-4-MACFLAP_NOTIF: Host 14f6.5afa.ecb9 in vlan 12 is flapping between port Gi2/0/37 and port Gi2/0/35
889850: 001589: Nov 18 14:23:23.415 IST: %SW_MATM-4-MACFLAP_NOTIF: Host 14f6.5afa.ecb9 in vlan 12 is flapping between port Gi2/0/37 and port Gi2/0/35 (nhcin-sjp01-2)
889851: Nov 18 14:32:33.860 IST: %SW_MATM-4-MACFLAP_NOTIF: Host c0cb.3886.30cb in vlan 13 is flapping between port Gi2/0/41 and port Gi2/0/35
889852: 001590: Nov 18 14:32:33.954 IST: %SW_MATM-4-MACFLAP_NOTIF: Host c0cb.3886.30cb in vlan 13 is flapping between port Gi2/0/41 and port Gi2/0/35 (nhcin-sjp01-2)
889853: 001591: Nov 18 14:33:05.755 IST: %SW_MATM-4-MACFLAP_NOTIF: Host 843a.4b15.187a in vlan 12 is flapping between port Gi2/0/41 and port Gi2/0/35 (nhcin-sjp01-2)
889854: 001592: Nov 18 14:33:07.017 IST: %SW_MATM-4-MACFLAP_NOTIF: Host 6c88.14a0.93d8 in vlan 12 is flapping between port Gi2/0/41 and port Gi2/0/35 (nhcin-sjp01-2)
nhcin-sjp01#
As mentioned in msg 12 & 13 VLAN is our WLAN.
After getting this msg automatically all network goes down, I need to shut down the associated port winch is directly or indirectly connected with AP, and after some time it will work properly.
Now I need some mechanism which can be block the duplicate source mac address to preventing from this kind of scenario.
Regards,
Shekhar

Hi Devils,
Answer is in below -
1. Are those MAC addresses actual Wireless Hosts? i.e have you traced them?
= Yes, those are actual wireless MAC add, I have check in zone director controller.
2. Are the SSID's set to tunnel?
=No
3. Do you have one ZoneDirector or two?
=Two, both of them are connected with core switch.
I have been confirmed about that if wireless users are roaming between two AP or more it will appear the same error msg, now what would be the solution. ????
What extly the solution is?>
Where should i implement the solution on switch or zone director?
Please suggest!!!!!

MAC flapping on WLC ports

Hi all,
I've been getting
.Feb 23 10:59:50: %C4K_EBM-4-HOSTFLAPPING: Host 7C:E9:D3:9A:DC:99 in vlan 1 is flapping between port Gi3/2 and port Fa4/14
.Feb 23 11:00:01: %C4K_EBM-4-HOSTFLAPPING: Host B8:EE:65:71:55:12 in vlan 1 is flapping between port Fa4/14 and port Gi3/2
.Feb 23 11:01:14: %C4K_EBM-4-HOSTFLAPPING: Host 18:CF:5E:FD:41:B8 in vlan 1 is flapping between port Gi3/2 and port Fa4/14
entries on my core switch.
I get the same error for different MACs but always the same 2 ports - Gi3/2 and Fa4/14
The topology looks like this:
both WLC are connected to the same core switch:
Core 2 has WLC-2 connected to Gi 3/2 and Core 2 has C2960S connected to Fa4/14, C2960S has WLC-1 connected to Gig 0/24
Any idea on why the WLC links are showing MAC Flaps?
thanks for the support,

Hi mgonzalez15,
MAC flapping logs within a wireless environment is an expected behavior. The reason of these messages is that wireless hosts (as opposed to wired hosts) are able to roam and can be connecting to other APs/WLCs across your campus in matter of seconds.
HTH,
Julio

Mac flap

Hello,
I came across an issue with and cisco 1841 fa0/1 plug into a 8 port cisco switch (G0/1)
there are 3 sub ifs on the router
10
20
30
I keep getting mac flap between GIG0/1 the uplink to the router and f0/1 which is in access mode and faces the customer.
The mac in question was the BIA of fa0/1 I don't understand how this can happen spanning tree is enabled portfast is not enabled
any idea's?

Hi,
May be I missed something here in your description.
Your router fas0/1 has sub interfaces
Your switch gig0/1 is in access mode ???
If you are using sub interfaces on your router then to me the switch port should be in trunk mode
something like this:-
ROUTER
int fas0/1
desc ** TRUNK TO SWITCH **
duplex auto
speed auto
int fas 0/1.10
desc ** VLAN 10 ***
encapsulation dot1Q 10
ip address 10.0.10.254 255.255.255.0
no ip redirects
no ip unreachables
int fas 0/1.20
desc ** VLAN 20 ***
encapsulation dot1Q 20
ip address 10.0.20.254 255.255.255.0
no ip redirects
no ip unreachables
int fas 0/1.30
desc ** VLAN 30 ***
encapsulation dot1Q 30
ip address 10.0.30.254 255.255.255.0
no ip redirects
no ip unreachables
SWITCH
int gig0/1
desc ** TRUNK TO SWITCH **
speed auto
duplex auto
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,30
switchport mode trunk
Regards
Alex

MAC-flap Notifications

I am having an issue at one of our remote agencies whereas we are getting numerous mac-flap notifications on our switches.   This has become kind of a hinderance as we are getting tired of seeing these messages.   The end users havent been complaining, but the log messages are annoying.
It's usually occurring with the same mac-addresses over and over.   Upon further investigation, we found the mac-addresses are all on laptops which have both wireless and wired nic's.    There are wireless AP's (cisco 1242's) in use which they can connect. We also found where the error is popping up as they move from wireless into docking into their docking station which has a lan cable attached.    I was under the assumption that the wireless mac and wired mac were different numbers and therefore if the wired was up simultaneously with the wired, as it switched over, they shouldn't get a flap.
How can I correct this....or is it correctable?
I have attached a diagram to show my scenario, keep in mind those are just a few of the MANY msg's we have been receiving.   If anyone
can explain this to me, I'd appreciate it.

jonesl1 wrote:I am having an issue at one of our remote agencies whereas we are getting numerous mac-flap notifications on our switches.   This has become kind of a hinderance as we are getting tired of seeing these messages.   The end users havent been complaining, but the log messages are annoying. It's usually occurring with the same mac-addresses over and over.   Upon further investigation, we found the mac-addresses are all on laptops which have both wireless and wired nic's.    There are wireless AP's (cisco 1242's) in use which they can connect. We also found where the error is popping up as they move from wireless into docking into their docking station which has a lan cable attached.    I was under the assumption that the wireless mac and wired mac were different numbers and therefore if the wired was up simultaneously with the wired, as it switched over, they shouldn't get a flap.    How can I correct this....or is it correctable?I have attached a diagram to show my scenario, keep in mind those are just a few of the MANY msg's we have been receiving.   If anyonecan explain this to me, I'd appreciate it.
Are the users with these laptops roaming wirelessly across floors ie. could they be connected on bottom floor before then going back to floor 2, for example, where their wired connection is ?
Jon

Mac-flap issue

Hi,
I have 16 switches and 3 servers in my network.In server room,i have one cisco WS-C2960S-48TS-L and one WS-C2960S-24TS-L connected to each other.Two eth ports of each server are being timmed and connected to the 2 switches.Every thing is fine but i am getting mac-flap log in both switches.can anyone tell me how can i stop this?
48TS-L is the root bridge of the network and there is only 1 vlan in the network.all the ports are in same vlan of both switches.
here is a sample of the logs of both siwitches :-
*Feb 1 08:24:28.382: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.5d07.1903 in vlan 101 is flapping between port Gi1/0/48 and port Gi1/0/3
*Feb 1 08:26:34.992: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.5d07.1e01 in vlan 101 is flapping between port Gi1/0/48 and port Gi1/0/6
*Feb 1 08:25:40.351: %SW_MATM-4-MACFLAP_NOTIF: Host 0015.5d07.1e05 in vlan 101 is flapping between port Gi1/0/24 and port Gi1/0/15
Thanks in advance.

Hello
It occurs when you have a loop between the switches relating to ports bypassing the stp process and enter forwarding state either due stp being turned off or having portfast enabled.
when you have a server connectiing itself to two switches on portfast enabled ports, this can cause this type of issue you are seeing- Check if this is the case and disable the portfast feature on those ports
For trunk ports or if port aggregation check the link negotiation type (usually LACP for servers) is applied the same on both sides of the etherchannel and teamed server nics
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.

MAC flapping reported between 2 port channels on Nexus 5596

Hi all, I'm seeing messages like the following reported on a Nexus 5596:
2015 Jan 7 12:40:48.954 Switch-5596A %FWM-6-MAC_MOVE_NOTIFICATION: Host 00ab.cdef.0123 in vlan 104 is flapping between port Po5 and port Po10
Po5 is connected to a storage cluster and is configured as an access port. It is connected to 2 Nexus 5596 switches using vpc.
interface port-channel5
description Storage Shelf 1
priority-flow-control mode off
switchport access vlan 104
spanning-tree port type edge
spanning-tree bpduguard enable
speed 10000
flowcontrol receive on
vpc 5
Po10 is the uplink to the core switch:
interface port-channel10
description uplink
switchport mode trunk
switchport trunk native vlan 2702
switchport trunk allowed vlan 64,94,104,124
spanning-tree port type network
speed 10000
vpc 10
Any ideas on why we would be seeing these log messages?
Thank you.

You need to trace this mac address: - 00ab.cdef.0123 and check if this has dual nic card if yes then check if nic teaming is configured correctly ...then shut down one of the link and see if you are learning the same mac address on two different ports?
HTH

Error message of MAC flapping for CCM-UC installed in UCS server

Dear All,
I have a strange issue, I have the 2 UCS servers setup with CCM & unity Connection running on each server on PUB - SUB mode.
I'm getting following error message on the Switch where the UCS server Connects.
I'm unable to trace why we are getting this error message, There is no problem with accessing CCM or UC, also the Phone & Voice mail seem to working.
un 25 13:15:14.853: %SW_MATM-4-MACFLAP_NOTIF: Host 000c.2911.db00 in vlan 410 is flapping between port Gi1/0/34 and port Gi1/0/33
Jun 25 13:15:28.828: %SW_MATM-4-MACFLAP_NOTIF: Host 000c.2911.db00 in vlan 410 is flapping between port Gi1/0/34 and port Gi1/0/33
Jun 25 13:15:44.145: %SW_MATM-4-MACFLAP_NOTIF: Host 000c.2911.db00 in vlan 410 is flapping between port Gi1/0/34 and port Gi1/0/33
Has anybody expereinced such error before, Appreciate your help in tracing this error.
Thanks,
Oliver

Hello,
I believe you'll get better answer at:
"https://supportforums.cisco.com/search.jspa?peopleEnabled=true&userID=&containerType=14&container=2003&spotlight=true&q=UCS"
my best guess is to check the LAN config on the UCS. It seems its trying to load balance the traffic in Active-Active rather than Active-Standby.
HTH

Broadcom LiveLink : Receiving MAC flaps with Cisco Nexus 7000

We are migrating from using two Nortel 8600's running VRRP at the distribution to Cisco Nexus 7K's using HSRP. So we have a server connected to two 3750G switches which then connect to the Nexi (previously the 8600's). As soon as we connected the 3750's to the Nexus and moved the gateway to Nexus, LiveLink forces all the servers to alternate traffic between NIC1 and NIC2.
Since LiveLink is a teaming application, it uses virtual mac for nic1 and nic2, but the virtual mac associated with the IP address moves to the active link.
LiveLink is used to check the availability of the gateway by polling the gateway out of each interface using an ARP request.
The problem does not exhibit itself in our Cisco VSS environment, and with Nortel's VRRP. I tried running VRRP on the Nexus but no joy.
Anyone know of a bug that could cause this issue?

Unfortunately we have LiveLink enabled on most of our Windows servers in our data centers. One of my colleagues sent me this bug issue. I'm not sure if this is the cause, but it's worth trying. We will update the NxOs (currently on 5.1.1) next week and see if that fixes the problem.
•CSCtl85080
Symptom: Incomplete Address Resolution Protocol (ARP) entries are observed on a Cisco Nexus 7000 Series switch, along with partial packet loss and a memory leak.
Conditions: This symptom might be seen when ARP packets have a nonstandard size (that is, greater than 64 bytes).
Workaround: This issue is resolved in 5.1.3.

Switch-independent load-balancing NIC teaming on server-side and MAC/ARP flapping on L2/L3 switches

Since active deployment of Windows Server 2012, our servers support team began to utilize new feature - switch-independent load-balancing NIC teaming. At first look it seems great - no additional network configuration is required and load balancing is performed by server itself by sending frames in round-robin or some hash algorithm out from different NICs (say two for simplicity) but with same MAC address. Theoretical bandwith is now grown up to 2Gbps (if we have two 1G NICs per server) against failover NIC teaming configuration, when one of two adapters is always down.
But how does this affect (if does) switching and routing performance of network equipment? From point of view of L2 switch - it has to rewrite its CAM table each time a server sends frame from different NIC. Isn't it expensive operation? Won't it affect switching in a bad way? We see in our logs that same server make switches to change mac-to-port associations several times per second.
Well, and how does it affect routing, if the switch to which server is connected is L3 switch an performs routing for the subnet server connected to? Will CEF operate well if ARP entry chages several times per second?
Thank you.

Since nobody answered here, we created service request and got the following answer (in short):
L2 MAC flapping between ports is very bad and you must avoid such configurations as much as possible. There is one possible variant that can be considered in your situation - use port-channel (either L2 or L3), in this configuration port-channel will be treted as single port and there won't be flapping.
Conversation example is here: https://ramazancan.wordpress.com/tag/best-practice/

MAC Address Flapping - Wireless

Friends,
I am having an issue here (not serious i guess).
I have 4 Wisms running on a VSS setup. with 400 APs.
I have been receiving the following logs on the VSS
Sep 12 19:39:10: %MAC_MOVE-SW1_SP-4-NOTIF: Host 001c.bf81.b7bb in vlan 220 is flapping between port Po704 and port Po736
Sep 12 19:39:10: %MAC_MOVE-SW1_SP-4-NOTIF: Host 0024.c454.fac6 in vlan 212 is flapping between port Po735 and port Po736
These are just 2 logs that i have put in, but im getting many more of them.
vlan 220 and 212 are user vlans in the network.
Now, my guess is that they are clients roaming between access points connected to different controllers.
or if Im wrong, is there something serious that i need to look into.
Thanks,
Phil

Hi Vinay Sir, I need your support for wireless issue.
I getting multiple mac flap error messge in cisco 4507 Core switch while my mobile clietnts roaming from one AP to another AP due to this my whole lan network goes down.
And im having cisco AIR-CT2504-K9 controller also.
Requesting you to kindly help me in this case.
Thanks
dhanraj poojari

MAC address flapping on 2 x Cisco 3750 (Stacked)

Hi All,
I am having some issue with my connectivity.
The setup with HP virtual connect (VC) is as below:
Server A NIC 1 -- VC 1 -- Switch A
NIC 2 -- VC 2 -- Switch A
Server B NIC 1 -- VC 1 -- Switch A
NIC 2 -- VC 2 -- Switch A
The VLAN configuration are done on individual NIC card on the servers and the switchport on Switch A facing the VC connect are all on trunk mode.
Currently I am seeing MAC address flapping on my Switch. The switches are CISCO 3750 and are being stacked so it appears logically as 1 switch.
Any idea what might be the problem?
Below is an output of the flapping on the switch.
%SW_MATM-4-MACFLAP_NOTIF: Host xxxx.xxxx.0637 in vlan 1 is flapping between port Gi2/0/3 and port Gi2/0/5
%SW_MATM-4-MACFLAP_NOTIF: Host xxxx.xxxx.46eb in vlan 1 is flapping between port Gi1/0/5 and port Gi1/0/7
%SW_MATM-4-MACFLAP_NOTIF: Host xxxx.xxxx.661d in vlan 1 is flapping between port Gi2/0/15 and port Gi2/0/7

Hi,
Problem of MAC FLAP could resolve by following methods:.
Check with the server providers to see if the OS and server platform support 'NIC' Teaming (NIC Bonding).
FYI - NIC teaming allows users to group two or more physical NICs into a single logical network device called a bond. Once a logical NIC is configured, the virtual machine is not aware of the underlying physical NICs. Packets sent to the logical NIC are dispatched to one of the physical NICs in the bond and packets arriving at any of the physical NICs are automatically directed to the appropriate logical NIC. If one of the underlying physical NICs is broken or its cable has been unplugged, server will detect the fault condition and automatically move traffic to another NIC in the bond.
Hope that help
If helpful do rate
Ganesh.H

Fe80.0000.0000 flapping

Hi ,
I received many fe80.0000.0000 flapping on the switch. I can not find the mac fe80.0000.0000. Is it a normal mac address? How to resolve this problem?
Dec 10 08:25:42: %SW_MATM-4-MACFLAP_NOTIF: Host fe80.0000.0000 in vlan 223 is flapping between port Fa0/47 and port
Fa0/48
BR/
Samuel

Hello Sam,
Generally , we see this kind of mac flap if STP is not stable in the network or server connected on two ports and teaming is not working properly . But i checked this mac address and this seems not a valid mac address .
So it could be some kind of attacks . Please check what is connected on fa0/47 and port
Fa0/48 and verify the mac address of connected device . If connected device address matched then check the teaming configuration otherwise its a kind of attack . If require disconnect the host from the network ,.
HTH
Regards,
VS.Suresh.
*Plz rate the usefull posts *

%SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Gi3/0/1 and port Fa2/0/46.....

Hi Guys,
Iam seeing above issue on two of my switches connected to core switch ....i know there are quite of few discussion open on same issue but mine is diff....
i see same issue on two switches connected via core swicth on same vlan ( 112)....when i do mac address lookup it says the mac thats generating this error is invalid so cant track the source of this mac....also just saw on topoogy change notification on core traced it back to originating switch which is also generating this error but dnt see any change on the switch that is generated topology change notification....prob is vlan 112 all interface on both switches conected via core are generating this message so five interfaces each .....any expert advise on how to approach it as i cant get to source port generating this as nearly five ports in vlan 112 on bloth switches generating this error. thanks
Apr 15 15:56:08: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa3/0/46 and port Gi3/0/1
Apr 15 15:56:50: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa2/0/46 and port Gi3/0/1
Apr 15 15:56:51: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa3/0/46 and port Gi3/0/1
Apr 15 15:58:29: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa2/0/46 and port Gi3/0/1
Apr 15 15:59:27: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Gi3/0/1 and port Fa2/0/46
Apr 15 15:59:45: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa2/0/46 and port Gi3/0/1
Apr 15 16:00:14: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Gi3/0/1 and port Fa3/0/46
Apr 15 16:00:36: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa2/0/46 and port Gi3/0/1
Apr 15 16:02:40: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa3/0/46 and port Gi3/0/1
Apr 15 16:03:22: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa3/0/46 and port Gi3/0/1
Apr 15 16:03:31: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Gi3/0/1 and port Fa2/0/46
Apr 15 16:04:03: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa3/0/46 and port Gi3/0/1
Apr 15 16:04:34: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa2/0/46 and port Gi3/0/1
Apr 15 16:04:41: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Gi3/0/1 and port Fa2/0/46
Apr 15 16:05:05: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa2/0/46 and port Gi3/0/1
Apr 15 16:05:13: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Gi3/0/1 and port Fa3/0/46
sh spanning-tree vlan 112
VLAN0112
Spanning tree enabled protocol rstp
Root ID    Priority    8192
             Address     001e.13c1.5a70
             Cost        3004
             Port        109 (GigabitEthernet3/0/1)
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority    49264 (priority 49152 sys-id-ext 112)
             Address     001f.261c.1d80
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300
UplinkFast enabled but inactive in rapid-pvst mode
Interface        Role Sts Cost      Prio.Nbr Type
Fa2/0/46         Desg FWD 3019      128.104 P2p
Fa1/0/46         Desg FWD 3019      128.50   P2p
Gi3/0/1          Root FWD 3004      128.109 P2p
Fa3/0/46         Desg FWD 3019      128.158 P2p
Fa3/0/47         Desg FWD 3100      128.159 P2p
Fa3/0/48         Desg FWD 3019      128.160 P2p

ASAK Mohammed,
There are lots of thread discussing about this, you should do a search before creating a new post.
Anyway, this is how you approach these types of flapping:
1. Is the the given MAC flapping in the log flapping only 1 time or you see it multiple times over a reasonobly short time?
   If you see it only once or once every 2-3 hours this might be not an issue worth being investigated. Sporadic one time flapping are expected in L2 broadcast domain.
If you see it often continue to step 2.
2. Identify and locate the flapping mac in vlan 125: 3270.990a.a504
Is the mac of a dual-homes server using some kind of load balancing algorithm (active/active) for which the same address is used from both NICs?
If yes, the message is not and issue but just an indication. Fix this type of LB (make it active/standby or make sure the server uses 2 different mac addresses, one per NIC) or if it is not possible leave it like this.
3. Is the MAC a the wireless NIC of a PC?
Make sure that the user was not moving from one AP to another (flapping is normal in this case)
4.
See if you have increasing TCN's and check if they are coming from the same interface.
From this point on you keep on troubleshooting STP until you find the offending link (likely going up and down) or the switch. You also need to check if STP in vlan112 is coherent with the actual L2 topology you have.
=====================================================
2- Some more details information which might be helpfull to you.
http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a
00801434de.shtml#subtopic1k
Problem
The switch generates %SYS-3-P2_ERROR: Host xx:xx:xx:xx:xx:xx is flapping
between ports? messages, where xx:xx:xx:xx:xx:xx is a MAC address.
Description
This example shows the console output that you see when this error occurs:
%SYS-4-P2_WARN: 1/Host 00:50:0f:20:08:00 is flapping between port 1/2 and port
4/39
Use the steps and guidelines in this section in order to understand and
troubleshoot the cause of this error message.
The message indicates that your Catalyst 4500/4000 switch has learned a MAC
address that already exists in the content-addressable memory (CAM) table, on
a port other than the original one. This behavior repeatedly occurs over short
periods of time, which means that there is address flapping between ports..
If the message appears for multiple MAC addresses, the behavior is not normal.
This behavior indicates a possible network problem because the MAC addresses
move quickly from one port to another port before the default aging time. The
problem can be looping traffic on the network. Typical symptoms include:
·        High CPU utilization
·        Slow traffic throughout the network
·        High backplane utilization on the switch
For information on how to identify and troubleshoot issues with spanning tree,
refer to Spanning Tree Protocol Problems and Related Design Considerations
<http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800
951ac.shtml> .
If the error message appears for one or two MAC addresses, locate these MAC
addresses in order to determine the cause. Issue the show cam mac_addr command
in order to identify from where these MAC addresses have been learned. In this
command, mac_addr is the MAC address that the error reports as flapping.
After you determine between which ports this MAC address is flapping, track
down the MAC address. Connect to the intermediate devices between your
Catalyst 4500/4000 and the device that has the problem MAC address. Do this
until you are able to identify the source and how this device connects to the
network.
Note: Because the MAC address is flapping between two ports, track down both
of the paths.
This example shows how to track both of the paths from which this MAC address
has been learned:
Note: Assume that you have received this message and you have begun to
investigate it.
%SYS-4-P2_WARN: 1/Host 00:50:0f:20:08:00 is flapping between port 1/2 and port
4/39
In order to track down how this MAC address was learned from both ports,
complete these steps:
1.     Consider port 1/2 first, and issue the show cam dynamic 1/2 command.
If you see the MAC address 00:50:0f:20:08:00 in the list of the MAC addresses
that have been learned on this port, determine if this is a single host that
is connected or if there are multiple hosts that are registered on that port.
2.     On the basis of whether there is a single or multiple hosts,
investigate the device:
o   If there is a single host (00:50:0f:20:08:00) that is connected, check the
other port that is registered and see if the host is dually attached to the
switch.
In this example, the other port is port 4/39.
o   If the host has connections to other devices that can eventually lead back
to this switch, try to track down the intermediate devices.
With Cisco devices, issue the show cdp neighbors mod/port detail command. The
output provides information about intermediate devices.
Here is sample output:
Cat4K> (enable) show cdp neighbors 1/2 detail
Port (Our Port): 1/2
Device-ID: brigitte
Device Addresses:
IP Address: 172.16.1.1
Novell address: aa.0
Holdtime: 171 sec
Capabilities: ROUTER
Version:
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Mon 06-DEC-99 17:10 by phanguye
Platform: cisco 2500
Port-ID (Port on Neighbors's Device): Ethernet0
VTP Management Domain: unknown
Native VLAN: unknown
Duplex: half
System Name: unknown
System Object ID: unknown
Management Addresses: unknown
Physical Location: unknown
Cat4K> (enable)
3.     Establish a Telnet session with the device and follow the path of the
MAC address.
In this example, the IP address is 172.16.1.1.
Repeat the procedure for all MAC addresses that the error message reports as
flapping.
4.     Create a simple diagram of the source device with that MAC address and
of the physical connections (the Catalyst 4500/4000 ports) from which and to
which this MAC address is flapping.
The diagram enables you to determine if this is a valid port and path for your
network layout.
If you verify that both ports on which the MAC address is flapping provide a
path toward that network node, there is a possibility that you have a
spanning-tree failure issue. Refer to Spanning Tree Protocol Problems and
Related Design Considerations
<http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800
951ac.shtml> in order to isolate and troubleshoot this loop.
In large networks in which multiple hosts from multiple vendors are
interconnected, difficulty arises as you try to track down the host with use
of just the MAC address. Use the search utility for the IEEE OUI and
Company_id Assignments <http://standards.ieee.org/regauth/oui/index.shtml> in
order to track down these MAC addresses. This list is the front end of the
database where IEEE has registered all MAC addresses that have been assigned
to all vendors. Enter the first three octets of the MAC address in the Search
for: field of this page in order to find the vendor that is associated with
this device. The first three octets in the example are 00:50:0f.
These are other issues that can cause this message to appear:
·        Server NIC redundancy problem?There is a server with a dual-attached
NIC that misbehaves and does not follow the standards. The server uses the
same MAC address for both ports that connect to the same switch.
·        Hot Standby Router Protocol (HSRP) flapping?Flapping HSRP can cause
these messages to appear in the Supervisor Engine console. If you notice that
HSRP implementation in your network is unstable, refer to Understanding and
Troubleshooting HSRP Problems in Catalyst Switch Networks
<http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00800
94afd.shtml> in order to resolve the problem.
·        EtherChannel misconfiguration?A misconfigured EtherChannel connection
can also cause these symptoms. If ports that the flapping message reports are
members of the same channel group, check your EtherChannel configuration and
refer to Understanding EtherChannel Load Balancing and Redundancy on Catalyst
Switches
<http://www.cisco.com/en/US/tech/tk389/tk213/technologies_tech_note09186a00800
94714.shtml> in order to troubleshoot the configuration.
·        Host reflects packets back onto the network?The reflection of packets
back onto the network by a host can also cause flapping. Typically, the root
cause of this packet reflection is a broken NIC or any failure of the physical
interface of the host that is connected to the port.
If the reflection of packets by the host is your root cause, obtain a sniffer
trace and examine the traffic that goes to and from the ports on which the
messages have appeared. If a host reflects packets, you typically see
duplicate packets in the trace. The duplicate packets are a possible symptom
of this flapping of the MAC address.
Refer to Configuring SPAN and RSPAN
<http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/6.3and6.4/configura
tion/guide/span.html> for details on how to configure a port for use with a
sniffer.
·        Software or hardware defect?If you have tried to troubleshoot the
flapping message with the instructions in this section but you still notice
the issue, seek further assistance from Cisco Technical Support
<http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html> . Be
sure to mention and provide documentation of the information that you have
collected while you followed the steps. This information makes further
troubleshooting quicker and more efficient.
HTH
REgards
Inayath
*Plz rate all usefull posts.

MAC flapping

Similar Messages

Maybe you are looking for