Error : 5w2d: %SW_MATM-4-MACFLAP_NOTIF: flapping

Answered Question
Jun 23rd, 2009
User Badges:

Hi,


Can someone help with VLAN flapping Issue, I have connected port gi0/2 of 2960 series switch to Cisco 4500 series having Gigabit Ethernet Module

and get error message


5w2d: %SW_MATM-4-MACFLAP_NOTIF: Host 000d.9d4c.cb5a in vlan 1 is flapping between port Gi0/2 and port Fa0/33

5w2d: %SW_MATM-4-MACFLAP_NOTIF: Host 001a.a00d.d9d3 in vlan 1 is flapping between port Gi0/2 and port Fa0/15

5w2d: %SW_MATM-4-MACFLAP_NOTIF: Host 000d.9d4c.cb5a in vlan 1 is flapping between port Fa0/33 and port Gi0/2


Port 4/10 of 4500 Series Switch is connected to port gi0/2 of 2960 series switch


config on 4500

interface gi 4/10

switchport trunk encapsulation dot1q

switchport mode trunk


config on 2960

interface gi 0/2

switchport mode trunk (( it doesnt takes the command "switchport trunk encapsulation dot1q" )


003269: *Aug 3 17:57:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to up

003270: *Aug 3 18:05:33: %ETHCNTR-3-LOOP_BACK_DETECTED: Keepalive packet loop-back detected on GigabitEthernet0/2.

003271: *Aug 3 18:05:33: %PM-4-ERR_DISABLE: loopback error detected on Gi0/2, putting Gi0/2 in err-disable state




Correct Answer by Giuseppe Larosa about 7 years 11 months ago

Hello Ronald,

if the C2960 is managed by other people there is not a lot to do.


for access layer switches that you manage you can use

spanning-tree bpdu guard on all access ports (not on uplinks)


There are commands to configure timers for autorecovery from errordisable


errdisable recovery cause ?

all Enable timer to recover from all causes

arp-inspection Enable timer to recover from arp inspection error disable state

bpduguard Enable timer to recover from BPDU Guard error disable state

channel-misconfig Enable timer to recover from channel misconfig disable state

dhcp-rate-limit Enable timer to recover from dhcp-rate-limit error disable state

dtp-flap Enable timer to recover from dtp-flap error disable state

gbic-invalid Enable timer to recover from invalid GBIC error disable state

inline-power Enable timer to recover from inline-power error disable state

l2ptguard Enable timer to recover from l2protocol-tunnel error disable state

link-flap Enable timer to recover from link-flap error disable state

loopback Enable timer to recover from loopback disable state

pagp-flap Enable timer to recover from pagp-flap error disable state

psecure-violation Enable timer to recover from psecure violation disable state

security-violation Enable timer to recover from 802.1x violation disable state

sfp-config-mismatch Enable timer to recover from SFP config mismatch error disable state

storm-control Enable timer to recover from storm-control error disable state

udld Enable timer to recover from udld error disable state

unicast-flood Enable timer to recover from unicast flood disable state

vmps Enable timer to recover from vmps shutdown error disable state


you can specify cause and the time interval


(I took this from a C3560 but it should be present also on the C4500 the list of possible causes can be different)


Hope to help

Giuseppe


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Giuseppe Larosa Tue, 06/23/2009 - 04:27
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Ronald,

the C2960 doesn't accept the command switchport trunk encapsulation dot1q if it supports only 802.1Q as it happens on C2950.


About the second issue:


003270: *Aug 3 18:05:33: %ETHCNTR-3-LOOP_BACK_DETECTED: Keepalive packet loop-back detected on GigabitEthernet0/2.


There is a SW bug that affects some IOS version of C2950, C2960, and C3750 where the switch treats the reception of its own loopback frames as a sign of a problem insteaf of a good sign.


the workaround is to disable on affected fiber based GE ports


the Cisco bug-id has been provided in a thread of last march.


with

int gi0/2

no keepalive


or an IOS upgrade



see


The bug affects some IOS releases on some switch platforms on fiber based ports.


see this thread


http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40^1%40%40.2cc1ebcc/5#selected_message


you may need to copy to browser the text to be able to open the link


you can find this using search box on the top right with key LOOP_BACK_DETECTED



Hope to help

Giuseppe



ronald.ramzy Tue, 06/23/2009 - 04:36
User Badges:

Thanks.


Some switches are controlled by other departments is there a way to restrict on the 4500 to block cascading of switches.


I dont want the 2960 to be cascaded with another Switch.


I dont want other department to connect hub or switch to any ports of 2960


Switch goes to error-disable state, is there a way to remove from error-disable state automatically ( Mean with timeout options )


Correct Answer
Giuseppe Larosa Tue, 06/23/2009 - 05:18
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Ronald,

if the C2960 is managed by other people there is not a lot to do.


for access layer switches that you manage you can use

spanning-tree bpdu guard on all access ports (not on uplinks)


There are commands to configure timers for autorecovery from errordisable


errdisable recovery cause ?

all Enable timer to recover from all causes

arp-inspection Enable timer to recover from arp inspection error disable state

bpduguard Enable timer to recover from BPDU Guard error disable state

channel-misconfig Enable timer to recover from channel misconfig disable state

dhcp-rate-limit Enable timer to recover from dhcp-rate-limit error disable state

dtp-flap Enable timer to recover from dtp-flap error disable state

gbic-invalid Enable timer to recover from invalid GBIC error disable state

inline-power Enable timer to recover from inline-power error disable state

l2ptguard Enable timer to recover from l2protocol-tunnel error disable state

link-flap Enable timer to recover from link-flap error disable state

loopback Enable timer to recover from loopback disable state

pagp-flap Enable timer to recover from pagp-flap error disable state

psecure-violation Enable timer to recover from psecure violation disable state

security-violation Enable timer to recover from 802.1x violation disable state

sfp-config-mismatch Enable timer to recover from SFP config mismatch error disable state

storm-control Enable timer to recover from storm-control error disable state

udld Enable timer to recover from udld error disable state

unicast-flood Enable timer to recover from unicast flood disable state

vmps Enable timer to recover from vmps shutdown error disable state


you can specify cause and the time interval


(I took this from a C3560 but it should be present also on the C4500 the list of possible causes can be different)


Hope to help

Giuseppe


ronald.ramzy Tue, 06/23/2009 - 05:50
User Badges:

Thanks Giuseppe.


I have few more query.


(1) Can I use command "errdisable recovery" on uplinks or access ports or both.


(2) Gi0/1 of 2960 is connected to 4500, gi0/2 of 2960 is connected to another 2960 switch(2). Is command "switchport mode trunk" enough for 2960_switch(2)


(3) I have a scenario where I need to connect 2960 to another 2960 switch, for redundancy I need to connect two ports of each switch to other switch, what commands are required. Is there an option to combine these ports as one.

davy.timmermans Tue, 06/23/2009 - 05:59
User Badges:
  • Silver, 250 points or more

1)it's a global configuration command and affects for all errdisabled ports

2)yes, it's doing only dot1Q, ISL is not supported.


3)you've to bundle them in an etherchannel:


int fas0/1

switchport mode trunk

channel-group 1 mode desirable/active/auto/passive/on


int fas0/2

switchport mode trunk

channel-group 1 mode desirable/active/auto/passive/on


interface port-channel 1

switchport mode trunk

...


the port-channel acts as a logical interface for the 2 physical interfaces.


Note that ports you want to bundle need same characteristics (speed,...)


IKf you don't use a port-channel but two separate trunk links. The link with the highest portnumber will be blocked by STP. In other words, only 1 link will be used


ronald.ramzy Tue, 06/23/2009 - 06:45
User Badges:

Thanks.


I have connected PC to console port on 4500 but not able to see ports going up and down. I have enabled logging console.

what is missing???


(2) Is there any other way to check if the ports are down due to error disable apart from sh logging console.


(3)WHY channel-group 1 mode desirable is more used than other option ( on / active / auto )



davy.timmermans Tue, 06/23/2009 - 07:43
User Badges:
  • Silver, 250 points or more

1) logging event link-status (global config)


global linkstatus logging is disabled in the IOS you're using for this platform

for 3750, 3560, 2960, ... linkstatus logging is enabled by default

2) show interface status errdisable

3)maybe because desirable/auto (PaGP) is cisco propietary


HTH,


please rate posts if usefull

Actions

This Discussion