Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2407
Views
0
Helpful
2
Replies

syslog message %SW_MATM-4-MACFLAP_NOTIF and what it means

cisco24x7
Level 6
Level 6

‎05-10-2009 02:00 PM - edited ‎03-06-2019 05:38 AM

I need expert help from Cisco gurus in this forum:

I recently swapped out a pair of Catalyst 3750s running IOS image c3750-ipservicesk9-mz.122-25.SEE3.bin with a pair of newer

hardware 3750s running IOS image c3750-ipservicesk9-mz.122-35.SE5.bin. Between these two switches is an EtherChannel. There

is NOTHING connected to these two switches other than a pair of Checkpoint Secureplatform NGx R65 with HFA_02 and the upstream

router. The Etherchannel is working fine and there are NO errors on the trunk ports which are part of the EtherChannel. We

just copy the configuration from the old switches over to the new switches. Everything is identical other than the hardware

is newer 3750s supporting Copper Gig interfaces. Those 3750s are our Internet switches. The back-side of the Checpoint firewalls

are connected to a pair of Catalyst 6513s running IOS 12.2(18)SXF11. By the way, the Checkpoint firewalls are running in

ClusterXL Active/Active Unicast mode (i.e. 30% on FW-A and 70% on FW-B).

Ever since we moved over to the new hardware, we have been getting a bunch of these messages in the catlyst 3750 log, at the rate

of 5 messages every 10 seconds:

May 10 21:43:35: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe01 in vlan 100 is flapping between port Gi1/0/48 and port Gi1/0/9

May 10 21:43:50: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe01 in vlan 100 is flapping between port Gi1/0/48 and port Gi1/0/9

Basically Gi1/0/48 and Gi1/0/9 are the ports that the checkpoint firewall interfaces are connected to. The MAC address in the log

is the Checkpoint ClusterXL IP address, similar to VRRP IP address if you are familiar with Nokia, well, sort of.

I have no issues with the Checkpoint firewall interfaces connected to the Catalyst 6513s.

If I move the connections back to the old catalyst 3750s, then these messages go away. They came back as soon as I connected them

to the new Catalyst 3750s.

There are NO spanning tree loop. The two 3750s are connected to each other and nothing else.

Anyone know what this message means and how to make it go away? Many thanks.

Labels:
0 Helpful
2 Replies 2

cisco24x7
Level 6
Level 6

‎05-10-2009 02:04 PM

diagram attached

Preview file
25 KB
0 Helpful

iyde
Level 4
Level 4
In response to cisco24x7

‎05-12-2009 07:20 AM

It looks to me like the two Checkpoints frequently sends out data with the same MAC address. I assume that the MAC address is the shared virtual MAC address of the Cehckpoints.

My guess (as I don't know for sure) is, that Cisco has changed the logging info level or such from the IOS version you ahd on the old 3750 boxes to the new 3750G boxes you are using now.

HTH

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card