Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4976
Views
4
Helpful
7
Replies

Error : 5w2d: %SW_MATM-4-MACFLAP_NOTIF: flapping

Go to solution
ronald.ramzy
Level 1
Level 1

‎06-23-2009 03:58 AM - edited ‎03-06-2019 06:24 AM

Hi,

Can someone help with VLAN flapping Issue, I have connected port gi0/2 of 2960 series switch to Cisco 4500 series having Gigabit Ethernet Module

and get error message

5w2d: %SW_MATM-4-MACFLAP_NOTIF: Host 000d.9d4c.cb5a in vlan 1 is flapping between port Gi0/2 and port Fa0/33

5w2d: %SW_MATM-4-MACFLAP_NOTIF: Host 001a.a00d.d9d3 in vlan 1 is flapping between port Gi0/2 and port Fa0/15

5w2d: %SW_MATM-4-MACFLAP_NOTIF: Host 000d.9d4c.cb5a in vlan 1 is flapping between port Fa0/33 and port Gi0/2

Port 4/10 of 4500 Series Switch is connected to port gi0/2 of 2960 series switch

config on 4500

interface gi 4/10

switchport trunk encapsulation dot1q

switchport mode trunk

config on 2960

interface gi 0/2

switchport mode trunk (( it doesnt takes the command "switchport trunk encapsulation dot1q" )

003269: *Aug 3 17:57:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to up

003270: *Aug 3 18:05:33: %ETHCNTR-3-LOOP_BACK_DETECTED: Keepalive packet loop-back detected on GigabitEthernet0/2.

003271: *Aug 3 18:05:33: %PM-4-ERR_DISABLE: loopback error detected on Gi0/2, putting Gi0/2 in err-disable state

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to ronald.ramzy

‎06-23-2009 05:18 AM

Hello Ronald,

if the C2960 is managed by other people there is not a lot to do.

for access layer switches that you manage you can use

spanning-tree bpdu guard on all access ports (not on uplinks)

There are commands to configure timers for autorecovery from errordisable

errdisable recovery cause ?

all Enable timer to recover from all causes

arp-inspection Enable timer to recover from arp inspection error disable state

bpduguard Enable timer to recover from BPDU Guard error disable state

channel-misconfig Enable timer to recover from channel misconfig disable state

dhcp-rate-limit Enable timer to recover from dhcp-rate-limit error disable state

dtp-flap Enable timer to recover from dtp-flap error disable state

gbic-invalid Enable timer to recover from invalid GBIC error disable state

inline-power Enable timer to recover from inline-power error disable state

l2ptguard Enable timer to recover from l2protocol-tunnel error disable state

link-flap Enable timer to recover from link-flap error disable state

loopback Enable timer to recover from loopback disable state

pagp-flap Enable timer to recover from pagp-flap error disable state

psecure-violation Enable timer to recover from psecure violation disable state

security-violation Enable timer to recover from 802.1x violation disable state

sfp-config-mismatch Enable timer to recover from SFP config mismatch error disable state

storm-control Enable timer to recover from storm-control error disable state

udld Enable timer to recover from udld error disable state

unicast-flood Enable timer to recover from unicast flood disable state

vmps Enable timer to recover from vmps shutdown error disable state

you can specify cause and the time interval

(I took this from a C3560 but it should be present also on the C4500 the list of possible causes can be different)

Hope to help

Giuseppe

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎06-23-2009 04:27 AM

Hello Ronald,

the C2960 doesn't accept the command switchport trunk encapsulation dot1q if it supports only 802.1Q as it happens on C2950.

About the second issue:

003270: *Aug 3 18:05:33: %ETHCNTR-3-LOOP_BACK_DETECTED: Keepalive packet loop-back detected on GigabitEthernet0/2.

There is a SW bug that affects some IOS version of C2950, C2960, and C3750 where the switch treats the reception of its own loopback frames as a sign of a problem insteaf of a good sign.

the workaround is to disable on affected fiber based GE ports

the Cisco bug-id has been provided in a thread of last march.

with

int gi0/2

no keepalive

or an IOS upgrade

see

The bug affects some IOS releases on some switch platforms on fiber based ports.

see this thread

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40^1%40%40.2cc1ebcc/5#selected_message

you may need to copy to browser the text to be able to open the link

you can find this using search box on the top right with key LOOP_BACK_DETECTED

Hope to help

Giuseppe

0 Helpful

Go to solution
ronald.ramzy
Level 1
Level 1
In response to Giuseppe Larosa

‎06-23-2009 04:36 AM

Thanks.

Some switches are controlled by other departments is there a way to restrict on the 4500 to block cascading of switches.

I dont want the 2960 to be cascaded with another Switch.

I dont want other department to connect hub or switch to any ports of 2960

Switch goes to error-disable state, is there a way to remove from error-disable state automatically ( Mean with timeout options )

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to ronald.ramzy

‎06-23-2009 05:18 AM

Hello Ronald,

if the C2960 is managed by other people there is not a lot to do.

for access layer switches that you manage you can use

spanning-tree bpdu guard on all access ports (not on uplinks)

There are commands to configure timers for autorecovery from errordisable

errdisable recovery cause ?

all Enable timer to recover from all causes

arp-inspection Enable timer to recover from arp inspection error disable state

bpduguard Enable timer to recover from BPDU Guard error disable state

channel-misconfig Enable timer to recover from channel misconfig disable state

dhcp-rate-limit Enable timer to recover from dhcp-rate-limit error disable state

dtp-flap Enable timer to recover from dtp-flap error disable state

gbic-invalid Enable timer to recover from invalid GBIC error disable state

inline-power Enable timer to recover from inline-power error disable state

l2ptguard Enable timer to recover from l2protocol-tunnel error disable state

link-flap Enable timer to recover from link-flap error disable state

loopback Enable timer to recover from loopback disable state

pagp-flap Enable timer to recover from pagp-flap error disable state

psecure-violation Enable timer to recover from psecure violation disable state

security-violation Enable timer to recover from 802.1x violation disable state

sfp-config-mismatch Enable timer to recover from SFP config mismatch error disable state

storm-control Enable timer to recover from storm-control error disable state

udld Enable timer to recover from udld error disable state

unicast-flood Enable timer to recover from unicast flood disable state

vmps Enable timer to recover from vmps shutdown error disable state

you can specify cause and the time interval

(I took this from a C3560 but it should be present also on the C4500 the list of possible causes can be different)

Hope to help

Giuseppe

0 Helpful

Go to solution
ronald.ramzy
Level 1
Level 1
In response to Giuseppe Larosa

‎06-23-2009 05:50 AM

Thanks Giuseppe.

I have few more query.

(1) Can I use command "errdisable recovery" on uplinks or access ports or both.

(2) Gi0/1 of 2960 is connected to 4500, gi0/2 of 2960 is connected to another 2960 switch(2). Is command "switchport mode trunk" enough for 2960_switch(2)

(3) I have a scenario where I need to connect 2960 to another 2960 switch, for redundancy I need to connect two ports of each switch to other switch, what commands are required. Is there an option to combine these ports as one.

0 Helpful

Go to solution
davy.timmermans
Level 4
Level 4
In response to ronald.ramzy

‎06-23-2009 05:59 AM

1)it's a global configuration command and affects for all errdisabled ports

2)yes, it's doing only dot1Q, ISL is not supported.

3)you've to bundle them in an etherchannel:

int fas0/1

switchport mode trunk

channel-group 1 mode desirable/active/auto/passive/on

int fas0/2

switchport mode trunk

channel-group 1 mode desirable/active/auto/passive/on

interface port-channel 1

switchport mode trunk

...

the port-channel acts as a logical interface for the 2 physical interfaces.

Note that ports you want to bundle need same characteristics (speed,...)

IKf you don't use a port-channel but two separate trunk links. The link with the highest portnumber will be blocked by STP. In other words, only 1 link will be used

0 Helpful

Go to solution
ronald.ramzy
Level 1
Level 1
In response to davy.timmermans

‎06-23-2009 06:45 AM

Thanks.

I have connected PC to console port on 4500 but not able to see ports going up and down. I have enabled logging console.

what is missing???

(2) Is there any other way to check if the ports are down due to error disable apart from sh logging console.

(3)WHY channel-group 1 mode desirable is more used than other option ( on / active / auto )

0 Helpful

Go to solution
davy.timmermans
Level 4
Level 4
In response to ronald.ramzy

‎06-23-2009 07:43 AM

1) logging event link-status (global config)

global linkstatus logging is disabled in the IOS you're using for this platform

for 3750, 3560, 2960, ... linkstatus logging is enabled by default

2) show interface status errdisable

3)maybe because desirable/auto (PaGP) is cisco propietary

HTH,

please rate posts if usefull

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card