Solved

MAC address flapping between ports

Posted on 2014-01-30
19
9,104 Views
Last Modified: 2014-02-01
Hello,

I have been receiving below messages on 3 switches.

191: *Mar 7 02:30:48.326: %SW_MATM-4-MACFLAP_NOTIF: Host 148f.c639.e71a in vlan 100 is flapping between port Gi0/1 and port Gi0/2

I am attaching a diagram to give you more information about topology.

I have Vlan 100. You may say this used for two purposes.

1. A Router is connected to a Switchport in Vlan 100. This router provides the internet access to guest. The guests ( associated with AP) receive DHCP address from the address
2. At the same time, I have some workstation connected to a switchport in vlan 100 having static assigned address pointing to core switche HSRP IP as defaul gateway

Workstation static ip

IP- 10.1.100.100
SM- 255.255.255.0
GW- 10.1.100.1

VLAN configuration on Switch

interface Vlan100
 ip address 10.1.100.254 255.255.255.0
 ip route-cache flow
 standby delay minimum 20 reload 25
 standby 100 ip 10.1.100.1
 standby 100 priority 110
 standby 100  preempt

Router Configuration

inf fa0/0
ip add 192.168.1.1 255.255.255.0
description  << connected to switchport >>

I need to know why am I receiving the above mac flapping messages Is there poor design in place.

Thanks in advance
design.jpg
0
Comment
Question by:cciedreamer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
  • 3
  • +1
19 Comments
 
LVL 70

Expert Comment

by:Qlemo
ID: 39820524
Is it always the same MAC address, or do you get different ones on different switches, or the same (but multiple) MACs on different switches?

If you see a few MAC addresses only, each local to one switch, first step is to locate the device having that MAC address. Probably devices are connected to more than one port/switch, using the same (virtual or physical) MAC address.
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39820538
- It is different MAC and different switche but same vlan
- When tried to locate the mac address it doesn't show any entry.

Thanks
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39820557
All I can say is that 14:8f:c6:39:e7:1a belongs to Apple. Likely an iPhone.
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 
LVL 3

Author Comment

by:cciedreamer
ID: 39820562
Now I recieved a message on different switch with different mac

8000: *May 1 08:07:20.292: %SW_MATM-4-MACFLAP_NOTIF: Host a806.0084.a484 in vlan 100 is flapping between port Gi0/48 and port Gi0/46
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39820589
Also this flapping is happening between the ports where the AP's ( trunk ports) are connected.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39820614
The new one is Samsung.

Do you have a single AP or do you have multiple APs?

If you have multiple APs then the devices are probably switching between APs and that's what's causing the flapping.
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39820630
So what is the cause and how I can prevent Do I have to care about it ??
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39820651
Do you have a single AP or do you have multiple APs???
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39820657
I have mulitple AP's
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39820686
You could try to move the AP's farther apart.  But then you could create some dead spots in the coverage.

I would probably just ignore the messages.

How often are you seeing the messages?
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39820694
I have reboot the router and I am not seeing this message.

Only today I started receiving this messages
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39820697
How often are you seeing the messages?

Are the messages (for one MAC) showing up every 2 seconds, 15 seconds, 60 seconds, 5 minutes, 1 hour?
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39820702
If you have problems with STP you'll see this.

At the moment your network has a physical loop.  This should be managed with STP.  If STP blocks the VLAN at one uplink on your access switch, then brings that link up when the original link fails (or as the result of a TCN), you will see this message in the logs as the MAC address was seen via two different ports at the core according to the CAM table.

Can you post the STP config from your core switches, and the access switch?

Also post the following outputs from each core:

show spanning-tree root
show spanning-tree blocked
show standby brief
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39820717
AP's ( trunk ports)
That's an indication your trunking does not work. You'll have to check that. Spanning tree should stop that if an issue for different switches, but not within the same switch.
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 250 total points
ID: 39820744
I don't think this is a STP issue. It only appears to be MAC addresses associated with wireless devices and there are multiple APs.

I think that the wireless device is in just the right location between AP's that the signal strength is the same for the two AP's which is causing the MAC address flaps.  Or it could be the APs are too close together.
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39820760
Core 1 :

sh spanning-tree root

Core1#sh spanning-tree root 

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001          8192 001a.e3f5.4401         0    2   20  15                  
VLAN0002          8192 001a.e3f5.4402         0    2   20  15                  
VLAN0003          8192 001a.e3f5.4403         0    2   20  15                  
VLAN0004          8192 001a.e3f5.4404         0    2   20  15                  
VLAN0005          8192 001a.e3f5.4405         0    2   20  15                  
VLAN0006          8192 001a.e3f5.4406         0    2   20  15                  
VLAN0007          8192 001a.e3f5.4407         0    2   20  15                  
VLAN0008          8192 001a.e3f5.4408         0    2   20  15                  
VLAN0009          8192 001a.e3f5.4409         0    2   20  15                  
VLAN0010          8192 001a.e3f5.440a         0    2   20  15                  
VLAN0011          8192 001a.e3f5.440b         0    2   20  15                  
VLAN0012          8192 001a.e3f5.440c         0    2   20  15                  
VLAN0013          8192 001a.e3f5.440d         0    2   20  15                  
VLAN0014          8192 001a.e3f5.440e         0    2   20  15                  
VLAN0015          8192 001a.e3f5.440f         0    2   20  15                  
VLAN0016          8192 001a.e3f5.4410         0    2   20  15                  
VLAN0017          8192 001a.e3f5.4411         0    2   20  15                  
VLAN0018          8192 001a.e3f5.4412         0    2   20  15                  
VLAN0019          8192 001a.e3f5.4413         0    2   20  15                  
VLAN0020          8192 001a.e3f5.4414         0    2   20  15                  
VLAN0021          8192 001a.e3f5.4415         0    2   20  15                  
VLAN0022          8192 001a.e3f5.4416         0    2   20  15                  
VLAN0023          8192 001a.e3f5.4417         0    2   20  15                  
VLAN0024          8192 001a.e3f5.4418         0    2   20  15                  
VLAN00100          8192 001a.e3f5.4419         0    2   20  15   

Open in new window

                       

Core 2

sh spanning-tree root

----------- --------- ----- --- ---  ------------
VLAN0001          8192 001a.e3f5.4401         4    2   20  15  Gi2/23          
VLAN0002          8192 001a.e3f5.4402         4    2   20  15  Gi2/23          
VLAN0003          8192 001a.e3f5.4403         4    2   20  15  Gi2/23          
VLAN0004          8192 001a.e3f5.4404         4    2   20  15  Gi2/23          
VLAN0005          8192 001a.e3f5.4405         4    2   20  15  Gi2/23          
VLAN0006          8192 001a.e3f5.4406         4    2   20  15  Gi2/23          
VLAN0007          8192 001a.e3f5.4407         4    2   20  15  Gi2/23          
VLAN0008          8192 001a.e3f5.4408         4    2   20  15  Gi2/23          
VLAN0009          8192 001a.e3f5.4409         4    2   20  15  Gi2/23          
VLAN0010          8192 001a.e3f5.440a         4    2   20  15  Gi2/23          
VLAN0011          8192 001a.e3f5.440b         4    2   20  15  Gi2/23          
VLAN0012          8192 001a.e3f5.440c         4    2   20  15  Gi2/23          
VLAN0013          8192 001a.e3f5.440d         4    2   20  15  Gi2/23          
VLAN0014          8192 001a.e3f5.440e         4    2   20  15  Gi2/23          
VLAN0015          8192 001a.e3f5.440f         4    2   20  15  Gi2/23          
VLAN0016          8192 001a.e3f5.4410         4    2   20  15  Gi2/23          
VLAN0017          8192 001a.e3f5.4411         4    2   20  15  Gi2/23          
VLAN0018          8192 001a.e3f5.4412         4    2   20  15  Gi2/23          
VLAN0019          8192 001a.e3f5.4413         4    2   20  15  Gi2/23          
VLAN0020          8192 001a.e3f5.4414         4    2   20  15  Gi2/23          
VLAN0021          8192 001a.e3f5.4415         4    2   20  15  Gi2/23          
VLAN0022          8192 001a.e3f5.4416         4    2   20  15  Gi2/23          
VLAN0023          8192 001a.e3f5.4417         4    2   20  15  Gi2/23          
VLAN0024          8192 001a.e3f5.4418         4    2   20  15  Gi2/23          
VLAN00100         8192 001a.e3f5.4419         4    2   20  15  Gi2/23  

Core1

sh spanning-tree blocked

Core1#show spanning-tree blocked

Name                 Blocked Interfaces List
-------------------- ------------------------------------

Number of blocked ports (segments) in the system : 0

Open in new window



Core2

sh spanning-tree blocked

Core_Switch_1#show spanning-tree blocked

Name                 Blocked Interfaces List
-------------------- ------------------------------------

Number of blocked ports (segments) in the system : 0

Open in new window


Core1#sh standby brief 
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active addr     Standby addr    Group addr     
Vl1         1   110  P Standby  10.10.11.253    local           10.10.11.1     
Vl2         2   110  P Active   local           10.1.1.253      10.1.1.1       
Vl3         3   110  P Active   local           10.1.2.253      10.1.2.1       
Vl4         4   110  P Active   local           10.1.3.253      10.1.3.1       
Vl5         5   110  P Active   local           10.1.4.253      10.1.4.1       
Vl6         6   110  P Active   local           10.1.5.253      10.1.5.1       
Vl7         7   110  P Active   local           10.1.6.253      10.1.6.1       
Vl8         8   110  P Active   local           10.1.7.253      10.1.7.1       
Vl9         9   110  P Active   local           10.1.8.253      10.1.8.1       
Vl10        10  110  P Active   local           10.1.9.253      10.1.9.1       
Vl11        11  110  P Active   local           10.1.10.253     10.1.10.1      
Vl12        12  110  P Active   local           10.1.11.253     10.1.11.1      
Vl13        13  110  P Active   local           10.1.12.253     10.1.12.1      
Vl14        14  110  P Active   local           10.1.13.253     10.1.13.1      
Vl15        15  110  P Active   local           10.1.14.253     10.1.14.1      
Vl16        16  110  P Active   local           10.1.15.253     10.1.15.1      
Vl17        17  110  P Active   local           10.1.16.253     10.1.16.1      
Vl18        18  110  P Active   local           192.168.168.253 192.168.168.1  
Vl19        19  110  P Active   local           10.1.18.253     10.1.18.1      
Vl20        20  110  P Active   local           10.1.19.253     10.1.19.1      
Vl21        21  110  P Active   local           10.1.20.253     10.1.20.1      
Vl22        22  110  P Active   local           10.1.21.253     10.1.21.1      
Vl23        23  110  P Active   local           10.1.22.253     10.1.22.1      
Vl24        24  110  P Active   local           10.1.23.253     10.1.23.1      
Vl100       100  110  P Active   local         10.1.100.253   10.1.100.1

Open in new window



Core 2

sh standby brief

Core2#sh standby brief 
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active addr     Standby addr    Group addr     
Vl1         1   150  P Active   local           10.10.11.254    10.10.11.1     
Vl2         2   95   P Standby  10.1.1.254      local           10.1.1.1       
Vl3         3   95   P Standby  10.1.2.254      local           10.1.2.1       
Vl4         4   95   P Standby  10.1.3.254      local           10.1.3.1       
Vl5         5   95   P Standby  10.1.4.254      local           10.1.4.1       
Vl6         6   95   P Standby  10.1.5.254      local           10.1.5.1       
Vl7         7   95   P Standby  10.1.6.254      local           10.1.6.1       
Vl8         8   95   P Standby  10.1.7.254      local           10.1.7.1       
Vl9         9   95   P Standby  10.1.8.254      local           10.1.8.1       
Vl10        10  95   P Standby  10.1.9.254      local           10.1.9.1       
Vl11        11  95   P Standby  10.1.10.254     local           10.1.10.1      
Vl12        12  95   P Standby  10.1.11.254     local           10.1.11.1      
Vl13        13  95   P Standby  10.1.12.254     local           10.1.12.1      
Vl14        14  95   P Standby  10.1.13.254     local           10.1.13.1      
Vl15        15  95   P Standby  10.1.14.254     local           10.1.14.1      
Vl16        16  95   P Standby  10.1.15.254     local           10.1.15.1      
Vl17        17  95   P Standby  10.1.16.254     local           10.1.16.1      
Vl18        18  95   P Standby  192.168.168.254 local           192.168.168.1  
Vl19        19  95   P Standby  10.1.18.254     local           10.1.18.1      
Vl20        20  95   P Standby  10.1.19.254     local           10.1.19.1      
Vl21        21  95   P Standby  10.1.20.254     local           10.1.20.1      
Vl22        22  95   P Standby  10.1.21.254     local           10.1.21.1      
Vl23        23  95   P Standby  10.1.22.254     local           10.1.22.1      
Vl24        24  95   P Standby  10.1.23.254     local           10.1.23.1      
Vl100        25  95   P Standby 10.1.100.254     local         10.1.100.1          

Open in new window

0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39820917
How often are you seeing the messages?

Are the messages (for one MAC) showing up every 2 seconds, 15 seconds, 60 seconds, 5 minutes, 1 hour?
0
 
LVL 46

Assisted Solution

by:Craig Beck
Craig Beck earned 250 total points
ID: 39820983
STP looks good, therefore it's more likely that the client is being seen by multiple APs as donjohnston said.
I think that the wireless device is in just the right location between AP's that the signal strength is the same for the two AP's which is causing the MAC address flaps.  Or it could be the APs are too close together.
I see what you mean, but it doesn't usually work that way.  A client can't associate to more than one AP at a time and it won't roam to another AP until a set of thresholds have been reached.  If the client roams after the thresholds are reached the client won't usually come back to the original AP if it stays in the same place.  There are other factors which could affect this, but having APs close to each-other isn't really a problem - it's actually desirable in a lot of cases.  So, it's usually just that the MAC hasn't been dropped from the CAM table via its original port.

I do agree though, it's probably just that clients could be seen via two APs during the period in which the core retains the original port-to-MAC mapping and logs the new one.

If it's not causing issues for the clients I'd just ignore it.  It's part of the client-roam process.
0
 
LVL 3

Author Closing Comment

by:cciedreamer
ID: 39826181
Thank you experts for your help. For now I will just ignore the messages
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Draytek (Site to Site VPN using IPSec) 6 107
Split my switch into 2 switches 4 73
IP range 6 94
Layer 3 switch recommendation 15 99
This article is a step by step guide on how to create a basic PTP link using Ubiquiti airOS devices. This guide can be used on the following Ubiquiti AirMAX devices. Nanostation, Bullets, AirBridge, Nanobeam, NanoBridge to name a few. Please review …
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question