Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

MAC FLAPPING ISSUE:%SW_MATM-4-MACFLAP_NOTIF

Dear All,

I am facing a network connectivity issue in my internal network. More than 20 users are getting RTO in our inside network. When I checked the the core switch i got an error regarding MAC flapping issue. But I am little bit confused that every MAC address learned from WLC  which is connected to my core switch(3750) on G0/15. when I checked  the connectivity the MAC address are belongs to the physical PC but I don't understand why the same MAC address is learned through WLC also as I have already disable the wireless driver of the PC. Every MAC address learn through WLC as well as switch(2960) which is connected to core switch. Please find below error...

001126: Jul 29 05:10:07: %SW_MATM-4-MACFLAP_NOTIF: Host d067.e518.1fdf in vlan 1

00 is flapping between port Gi0/15 and port Gi0/6

001127: Jul 29 05:15:39: %DHCPD-4-PING_CONFLICT: DHCP address conflict:  server

pinged 172.28.0.248.

001128: Jul 29 05:20:21: %SW_MATM-4-MACFLAP_NOTIF: Host d067.e518.1fdf in vlan 1

00 is flapping between port Gi0/15 and port Gi0/6

001129: Jul 29 05:21:22: %SW_MATM-4-MACFLAP_NOTIF: Host d067.e518.1fdf in vlan 1

00 is flapping between port Gi0/15 and port Gi0/6

001130: Jul 29 05:25:10: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1

00 is flapping between port Gi0/1 and port Gi0/15

001131: Jul 29 05:31:36: %SW_MATM-4-MACFLAP_NOTIF: Host d067.e518.1fdf in vlan 1

00 is flapping between port Gi0/15 and port Gi0/6

001132: Jul 29 05:35:11: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1

00 is flapping between port Gi0/15 and port Gi0/1

001133: Jul 29 05:35:17: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1

00 is flapping between port Gi0/15 and port Gi0/1

001134: Jul 29 05:41:39: %SW_MATM-4-MACFLAP_NOTIF: Host d067.e518.1fdf in vlan 1

00 is flapping between port Gi0/15 and port Gi0/6

001135: Jul 29 05:43:17: %DHCPD-4-PING_CONFLICT: DHCP address conflict:  server

pinged 172.28.0.253.

001136: Jul 29 05:45:12: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1

00 is flapping between port Gi0/15 and port Gi0/1

001137: Jul 29 05:45:28: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1

00 is flapping between port Gi0/15 and port Gi0/1

001138: Jul 29 05:45:44: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1

00 is flapping between port Gi0/15 and port Gi0/1

001139: Jul 29 05:46:02: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1

00 is flapping between port Gi0/15 and port Gi0/1

001140: Jul 29 05:47:38: %DHCPD-4-PING_CONFLICT: DHCP address conflict:  server

pinged 172.28.1.1.

001141: Jul 29 05:51:50: %SW_MATM-4-MACFLAP_NOTIF: Host d067.e518.1fdf in vlan 1

00 is flapping between port Gi0/6 and port Gi0/15

001142: Jul 29 05:55:16: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1

00 is flapping between port Gi0/15 and port Gi0/1

001143: Jul 29 05:55:31: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1

00 is flapping between port Gi0/15 and port Gi0/1

001144: Jul 29 05:57:52: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1

00 is flapping between port Gi0/15 and port Gi0/1

001145: Jul 29 06:00:36: %SW_MATM-4-MACFLAP_NOTIF: Host d067.e518.1fdf in vlan 1

00 is flapping between port Gi0/15 and port Gi0/6

001146: Jul 29 06:01:50: %SW_MATM-4-MACFLAP_NOTIF: Host d067.e518.1fdf in vlan 1

00 is flapping between port Gi0/15 and port Gi0/6

001147: Jul 29 06:02:39: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1

00 is flapping between port Gi0/15 and port Gi0/1

001148: Jul 29 06:03:11: %SW_MATM-4-MACFLAP_NOTIF: Host d067.e518.1fdf in vlan 1

00 is flapping between port Gi0/15 and port Gi0/6

001149: Jul 29 06:05:19: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1

00 is flapping between port Gi0/15 and port Gi0/1

001150: Jul 29 06:06:02: %SW_MATM-4-MACFLAP_NOTIF: Host d4be.d9bd.2dd3 in vlan 1

00 is flapping between port Gi0/15 and port Gi0/1

Please somebody help me why is happening like this??????????

Regards,

Sanjib Pradhan

14 REPLIES
Hall of Fame Super Blue

MAC FLAPPING ISSUE:%SW_MATM-4-MACFLAP_NOTIF

This happens if Etherchannel is not configured properly.

Community Member

MAC FLAPPING ISSUE:%SW_MATM-4-MACFLAP_NOTIF

Etherchannel is not configured in our entire network. We have two core switch and they are connected with two links.

Hall of Fame Super Silver

MAC FLAPPING ISSUE:%SW_MATM-4-MACFLAP_NOTIF

Spanning-tree loop will also cause this issue.

Community Member

MAC FLAPPING ISSUE:%SW_MATM-4-MACFLAP_NOTIF

I have already cheched the configuartion and did not find any configuration issue, also spanning tree is running fine.so I don't think so. If u still believe plz provide me some command to detect spanning tree loops.

Hall of Fame Super Silver

MAC FLAPPING ISSUE:%SW_MATM-4-MACFLAP_NOTIF

"show spanning-tree vlan 1" on both switches.

Sketch out on a piece of paper where is the root and which ports are forwarding.

Community Member

MAC FLAPPING ISSUE:%SW_MATM-4-MACFLAP_NOTIF

------------------ show spanning-tree ------------------

VLAN0001

  Spanning tree enabled protocol rstp

  Root ID    Priority    4097

             Address     d867.d9c9.c700

             This bridge is the root

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4097   (priority 4096 sys-id-ext 1)

             Address     d867.d9c9.c700

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi0/1               Desg FWD 4         128.1    P2p

Gi0/2               Desg FWD 4         128.2    P2p

Gi0/3               Desg FWD 4         128.3    P2p

Gi0/4               Desg FWD 4         128.4    P2p

Gi0/5               Desg FWD 4         128.5    P2p

Gi0/6               Desg FWD 4         128.6    P2p

Gi0/7               Desg FWD 4         128.7    P2p

Gi0/9               Desg FWD 19        128.9    P2p Peer(STP)

Gi0/15              Desg FWD 4         128.15   P2p

Po1                 Desg FWD 3         128.56   P2p

VLAN0016

  Spanning tree enabled protocol rstp

  Root ID    Priority    4112

             Address     d867.d9c9.c700

             This bridge is the root

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4112   (priority 4096 sys-id-ext 16)

             Address     d867.d9c9.c700

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi0/1               Desg FWD 4         128.1    P2p

Gi0/2               Desg FWD 4         128.2    P2p

Gi0/3               Desg FWD 4         128.3    P2p

Gi0/4               Desg FWD 4         128.4    P2p

Gi0/5               Desg FWD 4         128.5    P2p

Gi0/6               Desg FWD 4         128.6    P2p

Gi0/7               Desg FWD 4         128.7    P2p

Gi0/9               Desg FWD 19        128.9    P2p Peer(STP)

Gi0/15              Desg FWD 4         128.15   P2p

Gi0/17              Desg FWD 4         128.17   P2p Edge

Po1                 Desg FWD 3         128.56   P2p

VLAN0031

  Spanning tree enabled protocol rstp

  Root ID    Priority    4127

             Address     d867.d9c9.c700

             This bridge is the root

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4127   (priority 4096 sys-id-ext 31)

             Address     d867.d9c9.c700

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi0/1               Desg FWD 4         128.1    P2p

Gi0/2               Desg FWD 4         128.2    P2p

Gi0/3               Desg FWD 4         128.3    P2p

Gi0/4               Desg FWD 4         128.4    P2p

Gi0/5               Desg FWD 4         128.5    P2p

Gi0/6               Desg FWD 4         128.6    P2p

Gi0/7               Desg FWD 4         128.7    P2p

Gi0/9               Desg FWD 19        128.9    P2p Peer(STP)

Gi0/15              Desg FWD 4         128.15   P2p

Po1                 Desg FWD 3         128.56   P2p

VLAN0060

  Spanning tree enabled protocol rstp

  Root ID    Priority    4156

             Address     d867.d9c9.c700

             This bridge is the root

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4156   (priority 4096 sys-id-ext 60)

             Address     d867.d9c9.c700

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi0/1               Desg FWD 4         128.1    P2p

Gi0/2               Desg FWD 4         128.2    P2p

Gi0/3               Desg FWD 4         128.3    P2p

Gi0/4               Desg FWD 4         128.4    P2p

Gi0/5               Desg FWD 4         128.5    P2p

Gi0/6               Desg FWD 4         128.6    P2p

Gi0/7               Desg FWD 4         128.7    P2p

Gi0/9               Desg FWD 19        128.9    P2p Peer(STP)

Gi0/15              Desg FWD 4         128.15   P2p

Po1                 Desg FWD 3         128.56   P2p

VLAN0090

  Spanning tree enabled protocol rstp

  Root ID    Priority    4186

             Address     d867.d9c9.c700

             This bridge is the root

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4186   (priority 4096 sys-id-ext 90)

             Address     d867.d9c9.c700

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi0/1               Desg FWD 4         128.1    P2p

Gi0/2               Desg FWD 4         128.2    P2p

Gi0/3               Desg FWD 4         128.3    P2p

Gi0/4               Desg FWD 4         128.4    P2p

Gi0/5               Desg FWD 4         128.5    P2p

Gi0/6               Desg FWD 4         128.6    P2p

Gi0/7               Desg FWD 4         128.7    P2p

Gi0/9               Desg FWD 19        128.9    P2p Peer(STP)

Gi0/11              Desg FWD 4         128.11   P2p Edge

Gi0/12              Desg FWD 4         128.12   P2p Edge

Gi0/13              Desg FWD 19        128.13   P2p Edge

Gi0/15              Desg FWD 4         128.15   P2p

Gi0/16              Desg FWD 4         128.16   P2p Edge

Gi0/20              Desg FWD 4         128.20   P2p Edge

Gi0/21              Desg FWD 4         128.21   P2p Edge

Gi0/22              Desg FWD 4         128.22   P2p Edge

Po1                 Desg FWD 3         128.56   P2p

VLAN0100

  Spanning tree enabled protocol rstp

  Root ID    Priority    4196

             Address     d867.d9c9.c700

             This bridge is the root

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4196   (priority 4096 sys-id-ext 100)

             Address     d867.d9c9.c700

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi0/1               Desg FWD 4         128.1    P2p

Gi0/2               Desg FWD 4         128.2    P2p

Gi0/3               Desg FWD 4         128.3    P2p

Gi0/4               Desg FWD 4         128.4    P2p

Gi0/5               Desg FWD 4         128.5    P2p

Gi0/6               Desg FWD 4         128.6    P2p

Gi0/7               Desg FWD 4         128.7    P2p

Gi0/9               Desg FWD 19        128.9    P2p Peer(STP)

Gi0/15              Desg FWD 4         128.15   P2p

Po1                 Desg FWD 3         128.56   P2p

VLAN0110

  Spanning tree enabled protocol rstp

  Root ID    Priority    4206

             Address     d867.d9c9.c700

             This bridge is the root

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4206   (priority 4096 sys-id-ext 110)

             Address     d867.d9c9.c700

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi0/1               Desg FWD 4         128.1    P2p

Gi0/2               Desg FWD 4         128.2    P2p

Gi0/3               Desg FWD 4         128.3    P2p

Gi0/4               Desg FWD 4         128.4    P2p

Gi0/5               Desg FWD 4         128.5    P2p

Gi0/6               Desg FWD 4         128.6    P2p

Gi0/7               Desg FWD 4         128.7    P2p

Gi0/9               Desg FWD 19        128.9    P2p

Gi0/15              Desg FWD 4         128.15   P2p

Po1                 Desg FWD 3         128.56   P2p

VLAN0120

  Spanning tree enabled protocol rstp

  Root ID    Priority    4216

             Address     d867.d9c9.c700

             This bridge is the root

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4216   (priority 4096 sys-id-ext 120)

             Address     d867.d9c9.c700

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi0/1               Desg FWD 4         128.1    P2p

Gi0/2               Desg FWD 4         128.2    P2p

Gi0/3               Desg FWD 4         128.3    P2p

Gi0/4               Desg FWD 4         128.4    P2p

Gi0/5               Desg FWD 4         128.5    P2p

Gi0/6               Desg FWD 4         128.6    P2p

Gi0/7               Desg FWD 4         128.7    P2p

Gi0/9               Desg FWD 19        128.9    P2p Peer(STP)

Gi0/15              Desg FWD 4         128.15   P2p

Po1                 Desg FWD 3         128.56   P2p

VLAN0140

  Spanning tree enabled protocol rstp

  Root ID    Priority    4236

             Address     d867.d9c9.c700

             This bridge is the root

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4236   (priority 4096 sys-id-ext 140)

             Address     d867.d9c9.c700

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi0/1               Desg FWD 4         128.1    P2p

Gi0/2               Desg FWD 4         128.2    P2p

Gi0/3               Desg FWD 4         128.3    P2p

Gi0/4               Desg FWD 4         128.4    P2p

Gi0/5               Desg FWD 4         128.5    P2p

Gi0/6               Desg FWD 4         128.6    P2p

Gi0/7               Desg FWD 4         128.7    P2p

Gi0/8               Desg FWD 4         128.8    P2p Edge

Gi0/9               Desg FWD 19        128.9    P2p

Gi0/10              Desg FWD 4         128.10   P2p Edge

Gi0/15              Desg FWD 4         128.15   P2p

Po1                 Desg FWD 3         128.56   P2p

VLAN0160

  Spanning tree enabled protocol rstp

  Root ID    Priority    4256

             Address     d867.d9c9.c700

             This bridge is the root

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4256   (priority 4096 sys-id-ext 160)

             Address     d867.d9c9.c700

             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

             Aging Time  300 sec

Interface           Role Sts Cost      Prio.Nbr Type

------------------- ---- --- --------- -------- --------------------------------

Gi0/1               Desg FWD 4         128.1    P2p

Gi0/2               Desg FWD 4         128.2    P2p

Gi0/3               Desg FWD 4         128.3    P2p

Gi0/4               Desg FWD 4         128.4    P2p

Gi0/5               Desg FWD 4         128.5    P2p

Gi0/6               Desg FWD 4         128.6    P2p

Gi0/7               Desg FWD 4         128.7    P2p

Gi0/9               Desg FWD 19        128.9    P2p Peer(STP)

Gi0/15              Desg FWD 4         128.15   P2p

Po1                 Desg FWD 3         128.56   P2p

------------------ show etherchannel summary ------------------

Flags:  D - down        P - bundled in port-channel

        I - stand-alone s - suspended

        H - Hot-standby (LACP only)

        R - Layer3      S - Layer2

        U - in use      f - failed to allocate aggregator

        M - not in use, minimum links not met

        u - unsuitable for bundling

        w - waiting to be aggregated

        d - default port

Number of channel-groups in use: 1

Number of aggregators:           1

Group  Port-channel  Protocol    Ports

------+-------------+-----------+-----------------------------------------------

1      Po1(SU)          -        Gi0/23(P)   Gi0/24(P)  

------------------ show ipc nodes ------------------

There is 1 node in this IPC realm.

   ID       Type               Name                             Last   Last

                                                                Sent   Heard

0.10000    Local      IPC Master                               0      0    

Hall of Fame Super Silver

Re: MAC FLAPPING ISSUE:%SW_MATM-4-MACFLAP_NOTIF

Your output is for all VLANs and only from one switch. "show spann vlan 1" please from both switches.

(and/or configs as Leo suggests)

Hall of Fame Super Blue

Re: MAC FLAPPING ISSUE:%SW_MATM-4-MACFLAP_NOTIF

We have two core switch and they are connected with two links.

Post the interface configs.

Etherchannel is not configured in our entire network.

Huh?  If you don't have any Etherchannels then what is Po1? 

Community Member

MAC FLAPPING ISSUE:%SW_MATM-4-MACFLAP_NOTIF

------------------ show running-config ------------------

Building configuration...

Current configuration : 12820 bytes

!

! Last configuration change at 05:13:22 IST Thu Jul 25 2013 by mak

! NVRAM config last updated at 08:55:31 IST Fri Jul 26 2013 by mak

!

version 12.2

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug uptime

service timestamps log datetime

service password-encryption

service sequence-numbers

!

hostname Stringer01

!

boot-start-marker

boot-end-marker

!

logging buffered 50000

enable secret 5

!

username mak secret 5

username Corbus password 7

!

!

no aaa new-model

clock timezone IST 5 30

system mtu routing 1500

no ip source-route

ip routing

no ip dhcp relay information check

ip dhcp excluded-address 172.28.0.1 172.28.0.50

ip dhcp excluded-address 172.28.2.1 172.28.2.50

ip dhcp excluded-address 172.28.4.1 172.28.4.50

ip dhcp excluded-address 172.28.1.87

ip dhcp excluded-address 172.28.1.88

ip dhcp excluded-address 172.28.1.55

!

ip dhcp pool DATA-2

   network 172.28.2.0 255.255.254.0

   default-router 172.28.2.1

   domain-name corbus.com

   dns-server 172.29.0.116

!

ip dhcp pool VOICE

   network 172.28.4.0 255.255.254.0

   default-router 172.28.4.1

   domain-name corbus.com

   option 150 ip 172.29.0.202

   dns-server 172.29.0.116

!

ip dhcp pool DATA-1

   network 172.28.0.0 255.255.254.0

   default-router 172.28.0.1

   domain-name corbus.com

   dns-server 172.29.0.116

   lease 2

!

!

ip domain-name corbus.com

udld aggressive

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 70 30

mls qos srr-queue input threshold 1 80 90

mls qos srr-queue input priority-queue 2 bandwidth 30

mls qos srr-queue input cos-map queue 1 threshold 2 3

mls qos srr-queue input cos-map queue 1 threshold 3 6 7

mls qos srr-queue input cos-map queue 2 threshold 1 4

mls qos srr-queue input dscp-map queue 1 threshold 2 24

mls qos srr-queue input dscp-map queue 1 threshold 3 48 49 50 51 52 53 54 55

mls qos srr-queue input dscp-map queue 1 threshold 3 56 57 58 59 60 61 62 63

mls qos srr-queue input dscp-map queue 2 threshold 3 32 33 40 41 42 43 44 45

mls qos srr-queue input dscp-map queue 2 threshold 3 46 47

mls qos srr-queue output cos-map queue 1 threshold 3 4 5

mls qos srr-queue output cos-map queue 2 threshold 1 2

mls qos srr-queue output cos-map queue 2 threshold 2 3

mls qos srr-queue output cos-map queue 2 threshold 3 6 7

mls qos srr-queue output cos-map queue 3 threshold 3 0

mls qos srr-queue output cos-map queue 4 threshold 3 1

mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45

mls qos srr-queue output dscp-map queue 1 threshold 3 46 47

mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23

mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35

mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39

mls qos srr-queue output dscp-map queue 2 threshold 2 24

mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55

mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63

mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7

mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15

mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14

mls qos queue-set output 1 threshold 1 100 100 50 200

mls qos queue-set output 1 threshold 2 125 125 100 400

mls qos queue-set output 1 threshold 3 100 100 100 400

mls qos queue-set output 1 threshold 4 60 150 50 200

mls qos queue-set output 1 buffers 15 25 40 20

mls qos

!

crypto pki trustpoint TP-self-signed-3653879552

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3653879552

revocation-check none

rsakeypair TP-self-signed-3653879552

!

!

crypto pki certificate chain TP-self-signed-3653879552

certificate self-signed 01

  3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 33363533 38373935 3532301E 170D3933 30333031 30303031

  31375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36353338

  37393535 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  8100B7EF B4BC8123 F4E1B488 598738C4 1855FFFD 0A501870 8701F151 75BB030C

  AA26FC07 8CBCBF58 A0D6DAE2 6F059151 9A781513 F834D2A2 31822619 91A17474

  9DABD1FD 803329C4 714E4664 98D45016 7C67DC3B 7EB3695E 7E434E7A A9649251

  5D3E67AE 665E6B51 811BF1A8 8E7900D0 DA24EE14 9251BA4C C88D270C 936AE19F

  9AAB0203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603

  551D1104 19301782 15537472 696E6765 7230312E 636F7262 75732E63 6F6D301F

  0603551D 23041830 16801438 370973AE E12748AA 2AA88A30 DE285513 8FF91630

  1D060355 1D0E0416 04143837 0973AEE1 2748AA2A A88A30DE 2855138F F916300D

  06092A86 4886F70D 01010405 00038181 000CD135 9D37C3B1 E2F2BB12 AC081F13

  C7E31A6B F2EA906B 79194F7B 27FE18BD 84B9AB14 45684244 C21CE1EE B4A55120

  06298634 ED9B1717 816E5C2B B253AC3D C574B98E 2F839314 3D862347 42FFAF4B

  2A667B2B AD0D3D7F 4598A7BF 89510A83 0D0A21D9 8552454A 34BD93C1 3D803B77

  5123E5B9 D1ABD22F 7A3DE99E 3E197EE4 E0

  quit

!

spanning-tree mode rapid-pvst

spanning-tree portfast default

spanning-tree portfast bpduguard default

spanning-tree extend system-id

spanning-tree vlan 1-4094 priority 4096

auto qos srnd4

!

!

!

errdisable recovery cause udld

errdisable recovery cause bpduguard

errdisable recovery cause security-violation

errdisable recovery cause channel-misconfig (STP)

errdisable recovery cause pagp-flap

errdisable recovery cause dtp-flap

errdisable recovery cause link-flap

errdisable recovery cause sfp-config-mismatch

errdisable recovery cause gbic-invalid

errdisable recovery cause l2ptguard

errdisable recovery cause psecure-violation

errdisable recovery cause port-mode-failure

errdisable recovery cause dhcp-rate-limit

errdisable recovery cause pppoe-ia-rate-limit

errdisable recovery cause mac-limit

errdisable recovery cause vmps

errdisable recovery cause storm-control

errdisable recovery cause inline-power

errdisable recovery cause arp-inspection

errdisable recovery cause loopback

errdisable recovery cause small-frame

errdisable recovery interval 60

!

vlan internal allocation policy ascending

!

ip ssh time-out 60

ip ssh authentication-retries 2

ip ssh version 2

lldp run

!

!

!

interface Port-channel1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0

no ip address

no ip route-cache cef

no ip route-cache

no ip mroute-cache

shutdown

!

interface GigabitEthernet0/1

description "Connected to Tomhawk Access Switch"

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/2

description "Connected to Tomhawk Access Switch"

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/3

description "Connected to Tomhawk Access Switch"

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/4

description "Connected to Tomhawk Access Switch"

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/5

description "Connected to Tomhawk Access Switch"

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/6

description "Connected to Tomhawk Access Switch"

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/7

description "Connected to Tomhawk Access Switch"

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/8

description "Corbus FTP Server"

switchport access vlan 140

!

interface GigabitEthernet0/9

description "Connected to NSEZ P2P Link"

switchport trunk encapsulation dot1q

switchport mode trunk

speed 100

duplex full

!

interface GigabitEthernet0/10

description "DMZ Port-Connected to ASA Gi0/2"

switchport access vlan 140

switchport mode access

no logging event link-status

no snmp trap link-status

spanning-tree portfast

!

interface GigabitEthernet0/11

description "EMC Storage Server SkyIN MGMT A"

switchport access vlan 90

switchport mode access

!

interface GigabitEthernet0/12

description "EMC Storage Server SkyIN DATA A Primary"

switchport access vlan 90

switchport mode access

!

interface GigabitEthernet0/13

description "EMC Storage Server SkyIN DATA A Secondry Ether"

switchport access vlan 90

switchport mode access

!

interface GigabitEthernet0/14

switchport access vlan 90

switchport mode access

!

interface GigabitEthernet0/15

description "Connected to Wireless LAN Controller"

switchport trunk encapsulation dot1q

switchport trunk native vlan 90

switchport mode trunk

!

interface GigabitEthernet0/16

description "Connected to Harpoon ASA Firewall"

switchport access vlan 90

switchport mode access

no logging event link-status

no snmp trap link-status

spanning-tree portfast

!

interface GigabitEthernet0/17

switchport access vlan 16

switchport mode access

no logging event link-status

no snmp trap link-status

spanning-tree portfast

!

interface GigabitEthernet0/18

switchport access vlan 90

switchport mode access

no logging event link-status

no snmp trap link-status

spanning-tree portfast

!

interface GigabitEthernet0/19

switchport access vlan 90

switchport mode access

no logging event link-status

no snmp trap link-status

spanning-tree portfast

!

interface GigabitEthernet0/20

description "Uplink to ADC Agosta"

switchport access vlan 90

switchport mode access

no logging event link-status

no snmp trap link-status

spanning-tree portfast

!

interface GigabitEthernet0/21

description "CISCO VOICE GATEWAY ROUTER 2901"

switchport access vlan 90

switchport mode access

no logging event link-status

no snmp trap link-status

spanning-tree portfast

!

interface GigabitEthernet0/22

description "CISCO CALL MANAGER MCS SERVER"

switchport access vlan 90

switchport mode access

no logging event link-status

no snmp trap link-status

spanning-tree portfast

!

interface GigabitEthernet0/23

description "Trunk to Stringer02"

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode on

!

interface GigabitEthernet0/24

description "Trunk to Stringer02"

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 1 mode on

!

interface GigabitEthernet1/1

!

interface GigabitEthernet1/2

!

interface GigabitEthernet1/3

!

interface GigabitEthernet1/4

!

interface TenGigabitEthernet1/1

!

interface TenGigabitEthernet1/2

!

interface Vlan1

no ip address

shutdown

!

interface Vlan90

description MGMT

ip address 172.29.0.2 255.255.0.0

no ip redirects

no ip unreachables

no ip proxy-arp

standby 90 ip 172.29.0.1

standby 90 priority 120

standby 90 preempt

!

interface Vlan100

description DATA-1

ip address 172.28.0.2 255.255.254.0

no ip redirects

no ip unreachables

no ip proxy-arp

standby 100 ip 172.28.0.1

standby 100 priority 120

standby 100 preempt

!

interface Vlan110

description DATA-2

ip address 172.28.2.2 255.255.254.0

no ip redirects

no ip unreachables

no ip proxy-arp

standby 110 ip 172.28.2.1

standby 110 priority 120

standby 110 preempt

!

interface Vlan120

description VOICE                                            

ip address 172.28.4.2 255.255.254.0

no ip redirects

no ip unreachables

no ip proxy-arp

standby 120 ip 172.28.4.1

standby 120 priority 120

standby 120 preempt

!

ip classless

ip route 0.0.0.0 0.0.0.0 172.29.0.100

ip route 10.0.0.0 255.0.0.0 172.29.0.40

ip route 172.16.0.0 255.255.0.0 172.29.0.40

ip route 172.19.0.0 255.255.0.0 172.29.0.40

ip route 172.30.0.0 255.255.0.0 172.29.0.40

ip route 172.32.0.0 255.255.0.0 172.29.0.40

ip route 172.60.0.0 255.255.0.0 172.29.0.40

ip route 192.168.60.0 255.255.255.0 172.29.0.40

!

ip http server

ip http secure-server

!

ip sla enable reaction-alerts

!

snmp-server community RO

Hall of Fame Super Blue

Re: MAC FLAPPING ISSUE:%SW_MATM-4-MACFLAP_NOTIF

errdisable recovery cause bpduguard

OMFG!  You have this turned on??? 

"Connected to Tomhawk Access Switch"

What device is connected from Gi 0/1 - Gi 0/7?

Community Member

MAC FLAPPING ISSUE:%SW_MATM-4-MACFLAP_NOTIF

What is the effect of this command????????? Is it reqired to remove it???

Hall of Fame Super Silver

Re: MAC FLAPPING ISSUE:%SW_MATM-4-MACFLAP_NOTIF

Yes remove it by all means. It basically tells the switch to keep re-enabling any port that is breaking spanning-tree.

Personally I'd remove all the other errdisable recovery settings too. Someone has tried their hardest (and succeeded from the original post) to break the built-in safety features by disabling all of them.

Also, your ports connected to other switches should have:

     no spanning-tree portfast

...since it is otherwise on due to the global default that has been set.

Hall of Fame Super Blue

MAC FLAPPING ISSUE:%SW_MATM-4-MACFLAP_NOTIF

What is the effect of this command

BPDU Guard is your "guardian angel".  It's one of the few mechanisms that's designed to save your network from an STP loop.  This command "errdisable recovery cause bpduguard" basically tells the switch, if someone plugs a switch into the port, DON'T WORRY ABOUT IT AND RUN STP.

A good network operator will NEVER enable that command. 

Hall of Fame Super Silver

MAC FLAPPING ISSUE:%SW_MATM-4-MACFLAP_NOTIF

Yeah that's definitely not recommended.

Spanning-tree portfast is on by global default, it's not overridden on your trunk ports and then - adding insult to injury - that and all the other errdisable mechanisms are overridden.

2190
Views
0
Helpful
14
Replies
CreatePlease to create content