Solved

MAC address flapping between ports

Posted on 2014-01-30
Last Modified: 2014-02-01
Hello,

I have been receiving the below messages on 3 switches.

191: *Mar 7 02:30:48.326: %SW_MATM-4-MACFLAP_NOTIF: Host 148f.c639.e71a in vlan 100 is flapping between port Gi0/1 and port Gi0/2

I am attaching a diagram to give you more information about topology.

I have Vlan 100. You may say this is used for two purposes.

1. A Router is connected to a Switchport in Vlan 100. This router provides the internet access to guest. The guests (associated with AP) receive DHCP address from the address
2. At the same time, I have some workstations connected to a switchport in vlan 100 having static assigned address pointing to core switch HSRP IP as default gateway

Workstation static ip

IP- 10.1.100.100
SM- 255.255.255.0
GW- 10.1.100.1

VLAN configuration on Switch

interface Vlan100
 ip address 10.1.100.254 255.255.255.0
 ip route-cache flow
 standby delay minimum 20 reload 25
 standby 100 ip 10.1.100.1
 standby 100 priority 110
 standby 100  preempt

Router Configuration

int fa0/0
ip add 192.168.1.1 255.255.255.0
description  << connected to switchport >>

I need to know why I am receiving the above MAC flapping messages. Is there a poor design in place?

Thanks in advance
design.jpg
Question by:cciedreamer
19 Comments
 
Expert Comment

by:Qlemo
Is it always the same MAC address, or do you get different ones on different switches, or the same (but multiple) MACs on different switches?

If you see a few MAC addresses only, each local to one switch, first step is to locate the device having that MAC address. Probably devices are connected to more than one port/switch, using the same (virtual or physical) MAC address.

Author Comment

by:cciedreamer
- It is a different MAC and a different switch but the same VLAN
- When I tried to locate the MAC address, it doesn't show any entry.

Thanks

Expert Comment

by:Qlemo
All I can say is that 14:8f:c6:39:e7:1a belongs to Apple. Likely an iPhone.

Author Comment

by:cciedreamer
Now I received a message on a different switch with a different MAC

8000: *May 1 08:07:20.292: %SW_MATM-4-MACFLAP_NOTIF: Host a806.0084.a484 in vlan 100 is flapping between port Gi0/48 and port Gi0/46

Author Comment

by:cciedreamer
Also, this flapping is happening between the ports where the APs (trunk ports) are connected.

Expert Comment

by:Don Johnston
The new one is Samsung.

Do you have a single AP or do you have multiple APs?

If you have multiple APs then the devices are probably switching between APs and that's what's causing the flapping.

Author Comment

by:cciedreamer
So what is the cause and how can I prevent it? Do I have to care about it?

Expert Comment

by:Don Johnston
Do you have a single AP or do you have multiple APs???

Author Comment

by:cciedreamer
I have multiple APs

Expert Comment

by:Don Johnston
You could try to move the AP's farther apart.  But then you could create some dead spots in the coverage.

I would probably just ignore the messages.

How often are you seeing the messages?

Author Comment

by:cciedreamer
I have rebooted the router and I am not seeing this message.

Only today I started receiving these messages

Expert Comment

by:Don Johnston
How often are you seeing the messages?

Are the messages (for one MAC) showing up every 2 seconds, 15 seconds, 60 seconds, 5 minutes, 1 hour?

Expert Comment

by:Craig Beck
If you have problems with STP you'll see this.

At the moment your network has a physical loop.  This should be managed with STP.  If STP blocks the VLAN at one uplink on your access switch, then brings that link up when the original link fails (or as the result of a TCN), you will see this message in the logs as the MAC address was seen via two different ports at the core according to the CAM table.

Can you post the STP config from your core switches, and the access switch?

Also post the following outputs from each core:

show spanning-tree root
show spanning-tree blocked
show standby brief

Expert Comment

by:Qlemo
"AP's ( trunk ports)"
That's an indication your trunking does not work. You'll have to check that. Spanning tree should stop that if an issue for different switches, but not within the same switch.

Accepted Solution

by:Don Johnston
Don Johnston earned 250 total points
I don't think this is a STP issue. It only appears to be MAC addresses associated with wireless devices and there are multiple APs.

I think that the wireless device is in just the right location between AP's that the signal strength is the same for the two AP's which is causing the MAC address flaps.  Or it could be the APs are too close together.

Author Comment

by:cciedreamer
Core 1 :

sh spanning-tree root

Core1#sh spanning-tree root 

                                        Root    Hello Max Fwd
Vlan                   Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
VLAN0001          8192 001a.e3f5.4401         0    2   20  15                  
VLAN0002          8192 001a.e3f5.4402         0    2   20  15                  
VLAN0003          8192 001a.e3f5.4403         0    2   20  15                  
VLAN0004          8192 001a.e3f5.4404         0    2   20  15                  
VLAN0005          8192 001a.e3f5.4405         0    2   20  15                  
VLAN0006          8192 001a.e3f5.4406         0    2   20  15                  
VLAN0007          8192 001a.e3f5.4407         0    2   20  15                  
VLAN0008          8192 001a.e3f5.4408         0    2   20  15                  
VLAN0009          8192 001a.e3f5.4409         0    2   20  15                  
VLAN0010          8192 001a.e3f5.440a         0    2   20  15                  
VLAN0011          8192 001a.e3f5.440b         0    2   20  15                  
VLAN0012          8192 001a.e3f5.440c         0    2   20  15                  
VLAN0013          8192 001a.e3f5.440d         0    2   20  15                  
VLAN0014          8192 001a.e3f5.440e         0    2   20  15                  
VLAN0015          8192 001a.e3f5.440f         0    2   20  15                  
VLAN0016          8192 001a.e3f5.4410         0    2   20  15                  
VLAN0017          8192 001a.e3f5.4411         0    2   20  15                  
VLAN0018          8192 001a.e3f5.4412         0    2   20  15                  
VLAN0019          8192 001a.e3f5.4413         0    2   20  15                  
VLAN0020          8192 001a.e3f5.4414         0    2   20  15                  
VLAN0021          8192 001a.e3f5.4415         0    2   20  15                  
VLAN0022          8192 001a.e3f5.4416         0    2   20  15                  
VLAN0023          8192 001a.e3f5.4417         0    2   20  15                  
VLAN0024          8192 001a.e3f5.4418         0    2   20  15                  
VLAN00100          8192 001a.e3f5.4419         0    2   20  15   


Core 2

sh spanning-tree root

----------- --------- ----- --- ---  ------------
VLAN0001          8192 001a.e3f5.4401         4    2   20  15  Gi2/23          
VLAN0002          8192 001a.e3f5.4402         4    2   20  15  Gi2/23          
VLAN0003          8192 001a.e3f5.4403         4    2   20  15  Gi2/23          
VLAN0004          8192 001a.e3f5.4404         4    2   20  15  Gi2/23          
VLAN0005          8192 001a.e3f5.4405         4    2   20  15  Gi2/23          
VLAN0006          8192 001a.e3f5.4406         4    2   20  15  Gi2/23          
VLAN0007          8192 001a.e3f5.4407         4    2   20  15  Gi2/23          
VLAN0008          8192 001a.e3f5.4408         4    2   20  15  Gi2/23          
VLAN0009          8192 001a.e3f5.4409         4    2   20  15  Gi2/23          
VLAN0010          8192 001a.e3f5.440a         4    2   20  15  Gi2/23          
VLAN0011          8192 001a.e3f5.440b         4    2   20  15  Gi2/23          
VLAN0012          8192 001a.e3f5.440c         4    2   20  15  Gi2/23          
VLAN0013          8192 001a.e3f5.440d         4    2   20  15  Gi2/23          
VLAN0014          8192 001a.e3f5.440e         4    2   20  15  Gi2/23          
VLAN0015          8192 001a.e3f5.440f         4    2   20  15  Gi2/23          
VLAN0016          8192 001a.e3f5.4410         4    2   20  15  Gi2/23          
VLAN0017          8192 001a.e3f5.4411         4    2   20  15  Gi2/23          
VLAN0018          8192 001a.e3f5.4412         4    2   20  15  Gi2/23          
VLAN0019          8192 001a.e3f5.4413         4    2   20  15  Gi2/23          
VLAN0020          8192 001a.e3f5.4414         4    2   20  15  Gi2/23          
VLAN0021          8192 001a.e3f5.4415         4    2   20  15  Gi2/23          
VLAN0022          8192 001a.e3f5.4416         4    2   20  15  Gi2/23          
VLAN0023          8192 001a.e3f5.4417         4    2   20  15  Gi2/23          
VLAN0024          8192 001a.e3f5.4418         4    2   20  15  Gi2/23          
VLAN00100         8192 001a.e3f5.4419         4    2   20  15  Gi2/23  

Core1

sh spanning-tree blocked

Core1#show spanning-tree blocked

Name                 Blocked Interfaces List
-------------------- ------------------------------------

Number of blocked ports (segments) in the system : 0


Core2

sh spanning-tree blocked

Core_Switch_1#show spanning-tree blocked

Name                 Blocked Interfaces List
-------------------- ------------------------------------

Number of blocked ports (segments) in the system : 0


Core1#sh standby brief 
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active addr     Standby addr    Group addr     
Vl1         1   110  P Standby  10.10.11.253    local           10.10.11.1     
Vl2         2   110  P Active   local           10.1.1.253      10.1.1.1       
Vl3         3   110  P Active   local           10.1.2.253      10.1.2.1       
Vl4         4   110  P Active   local           10.1.3.253      10.1.3.1       
Vl5         5   110  P Active   local           10.1.4.253      10.1.4.1       
Vl6         6   110  P Active   local           10.1.5.253      10.1.5.1       
Vl7         7   110  P Active   local           10.1.6.253      10.1.6.1       
Vl8         8   110  P Active   local           10.1.7.253      10.1.7.1       
Vl9         9   110  P Active   local           10.1.8.253      10.1.8.1       
Vl10        10  110  P Active   local           10.1.9.253      10.1.9.1       
Vl11        11  110  P Active   local           10.1.10.253     10.1.10.1      
Vl12        12  110  P Active   local           10.1.11.253     10.1.11.1      
Vl13        13  110  P Active   local           10.1.12.253     10.1.12.1      
Vl14        14  110  P Active   local           10.1.13.253     10.1.13.1      
Vl15        15  110  P Active   local           10.1.14.253     10.1.14.1      
Vl16        16  110  P Active   local           10.1.15.253     10.1.15.1      
Vl17        17  110  P Active   local           10.1.16.253     10.1.16.1      
Vl18        18  110  P Active   local           192.168.168.253 192.168.168.1  
Vl19        19  110  P Active   local           10.1.18.253     10.1.18.1      
Vl20        20  110  P Active   local           10.1.19.253     10.1.19.1      
Vl21        21  110  P Active   local           10.1.20.253     10.1.20.1      
Vl22        22  110  P Active   local           10.1.21.253     10.1.21.1      
Vl23        23  110  P Active   local           10.1.22.253     10.1.22.1      
Vl24        24  110  P Active   local           10.1.23.253     10.1.23.1      
Vl100       100  110  P Active   local         10.1.100.253   10.1.100.1


Core 2

sh standby brief

Core2#sh standby brief 
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active addr     Standby addr    Group addr     
Vl1         1   150  P Active   local           10.10.11.254    10.10.11.1     
Vl2         2   95   P Standby  10.1.1.254      local           10.1.1.1       
Vl3         3   95   P Standby  10.1.2.254      local           10.1.2.1       
Vl4         4   95   P Standby  10.1.3.254      local           10.1.3.1       
Vl5         5   95   P Standby  10.1.4.254      local           10.1.4.1       
Vl6         6   95   P Standby  10.1.5.254      local           10.1.5.1       
Vl7         7   95   P Standby  10.1.6.254      local           10.1.6.1       
Vl8         8   95   P Standby  10.1.7.254      local           10.1.7.1       
Vl9         9   95   P Standby  10.1.8.254      local           10.1.8.1       
Vl10        10  95   P Standby  10.1.9.254      local           10.1.9.1       
Vl11        11  95   P Standby  10.1.10.254     local           10.1.10.1      
Vl12        12  95   P Standby  10.1.11.254     local           10.1.11.1      
Vl13        13  95   P Standby  10.1.12.254     local           10.1.12.1      
Vl14        14  95   P Standby  10.1.13.254     local           10.1.13.1      
Vl15        15  95   P Standby  10.1.14.254     local           10.1.14.1      
Vl16        16  95   P Standby  10.1.15.254     local           10.1.15.1      
Vl17        17  95   P Standby  10.1.16.254     local           10.1.16.1      
Vl18        18  95   P Standby  192.168.168.254 local           192.168.168.1  
Vl19        19  95   P Standby  10.1.18.254     local           10.1.18.1      
Vl20        20  95   P Standby  10.1.19.254     local           10.1.19.1      
Vl21        21  95   P Standby  10.1.20.254     local           10.1.20.1      
Vl22        22  95   P Standby  10.1.21.254     local           10.1.21.1      
Vl23        23  95   P Standby  10.1.22.254     local           10.1.22.1      
Vl24        24  95   P Standby  10.1.23.254     local           10.1.23.1      
Vl100        25  95   P Standby 10.1.100.254     local         10.1.100.1          

Expert Comment

by:Don Johnston
How often are you seeing the messages?

Are the messages (for one MAC) showing up every 2 seconds, 15 seconds, 60 seconds, 5 minutes, 1 hour?

Assisted Solution

by:Craig Beck
Craig Beck earned 250 total points
STP looks good, therefore it's more likely that the client is being seen by multiple APs as donjohnston said.
"I think that the wireless device is in just the right location between AP's that the signal strength is the same for the two AP's which is causing the MAC address flaps.  Or it could be the APs are too close together."
I see what you mean, but it doesn't usually work that way.  A client can't associate to more than one AP at a time and it won't roam to another AP until a set of thresholds have been reached.  If the client roams after the thresholds are reached the client won't usually come back to the original AP if it stays in the same place.  There are other factors which could affect this, but having APs close to each-other isn't really a problem - it's actually desirable in a lot of cases.  So, it's usually just that the MAC hasn't been dropped from the CAM table via its original port.

I do agree though, it's probably just that clients could be seen via two APs during the period in which the core retains the original port-to-MAC mapping and logs the new one.

If it's not causing issues for the clients I'd just ignore it.  It's part of the client-roam process.

Author Closing Comment

by:cciedreamer
Thank you experts for your help. For now I will just ignore the messages.
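
The two questions the thread kept returning to (how often the messages appear for one MAC, and whether the flapping is confined to the AP trunk ports) can be answered from the switch log itself. The following is an added example, not part of the original thread: it parses `%SW_MATM-4-MACFLAP_NOTIF` lines and reports, per MAC and VLAN, the flap count, the shortest interval between flaps, and whether only AP ports are involved. Everything in `SAMPLE_LOG` after its first line, the `AP_PORTS` set and the port `Gi0/24` are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Message format as quoted in the thread (Cisco IOS SW_MATM-4-MACFLAP_NOTIF).
FLAP_RE = re.compile(
    r"\*(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\.\d+: %SW_MATM-4-MACFLAP_NOTIF: "
    r"Host (?P<mac>[0-9a-f.]{14}) in vlan (?P<vlan>\d+) is flapping "
    r"between port (?P<a>\S+) and port (?P<b>\S+)"
)

# Constructed sample: line 1 is the message from the question, the rest are
# made up. 0000.5e00.5301 is a documentation MAC; Gi0/24 is a hypothetical uplink.
SAMPLE_LOG = [
    "191: *Mar 7 02:30:48.326: %SW_MATM-4-MACFLAP_NOTIF: Host 148f.c639.e71a in vlan 100 is flapping between port Gi0/1 and port Gi0/2",
    "192: *Mar 7 02:42:10.101: %SW_MATM-4-MACFLAP_NOTIF: Host 148f.c639.e71a in vlan 100 is flapping between port Gi0/2 and port Gi0/1",
    "193: *Mar 7 02:42:11.000: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.5e00.5301 in vlan 100 is flapping between port Gi0/1 and port Gi0/24",
    "194: *Mar 7 02:42:13.000: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.5e00.5301 in vlan 100 is flapping between port Gi0/24 and port Gi0/1",
]
AP_PORTS = {"Gi0/1", "Gi0/2"}  # assumption: operator-supplied list of AP trunk ports

def parse_flaps(lines):
    """Return {(mac, vlan): [(timestamp, frozenset_of_ports), ...]}."""
    events = defaultdict(list)
    for line in lines:
        m = FLAP_RE.search(line)
        if not m:
            continue  # not a MAC flap notification
        # IOS timestamps carry no year; a fixed one is assumed for arithmetic.
        ts = datetime.strptime("2014 " + m["ts"], "%Y %b %d %H:%M:%S")
        ports = frozenset((m["a"], m["b"]))
        events[(m["mac"], int(m["vlan"]))].append((ts, ports))
    return events

def summarize(events, ap_ports):
    """Per MAC: flap count, shortest gap (s), and whether only AP ports are involved."""
    report = {}
    for key, evs in events.items():
        evs.sort(key=lambda e: e[0])
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(evs, evs[1:])]
        ports = set().union(*(p for _, p in evs))
        report[key] = {
            "count": len(evs),
            "min_gap_s": min(gaps) if gaps else None,
            "only_ap_ports": ports <= ap_ports,
        }
    return report

if __name__ == "__main__":
    for key, row in summarize(parse_flaps(SAMPLE_LOG), AP_PORTS).items():
        print(key, row)
```

Widely spaced flaps confined to AP ports fit the client-roam explanation given in the accepted answers; flaps that involve other ports are the case the spanning-tree checks in the thread were meant to rule out.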