Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Router Mac flapping on host interface

Dear All,

I have a VERY strange problem on our offices. I'm going report the most simple case in order to let you understand better.

 

One 2960 Switch

One 2901 Router

Three PCs

Router and PCs are connected using a single straigh-throu cable.

On our swith we find sometimes the following warning:

Aug 29 12:21:28.247: %SW_MATM-4-MACFLAP_NOTIF: Host e02f.6dc1.b0f8 in vlan 2 is flapping between port Fa0/10 and port Fa0/24

 

Port 10 is phisically connected to one PC

Port 24 is phisically connected to the router

There are no loops on the switch.

 

This problem happens in other 10/12 offices with more complex infrastructure but the warning is always the same:

The Default Gatway MAC address flaps from its port to a PC port.

Obviously we already checked the PC and there are no network devices between the NIC and wall port.

Paolo

Everyone's tags (1)
18 REPLIES

Paolo,I presume also that

Paolo,

I presume also that there are no second NIC cards in any of the PCs?

If the MAC address in question is that of the router, then the question is why the PC is sourcing frames with that as the source address.  The only reason I can think of is some sort of bridging in the PC itself (or PCs), which suggests there might be a second NIC in the PC to connect it to another network, or maybe some emulator with virtual interfaces like vmplayer, or something similar.  What do you have in the PC that might be "unusual"?

 

Kevin Dorrell

Luxembourg

 

Community Member

This is exactly the issue,

This is exactly the issue, each PC has just one NIC.

All the PC are have same brand, model, PCI and software since it's all managed via software distribution.

No virtualization systems.

PC network cards are all Broadcom NetXtreme Gigabit Ethernet Plus .

 

Don't know really what the cause could be...

 

thanks,

Paolo

Cisco Employee

Can you please share the

SO you get some packet looped from device with MAC e02f.6dc1.b0f8. You can see packet is coming both from Fa0/10 and port Fa0/24. You need to trace that mac down to the end device and see why this packet taking both pathes to your switch.

Causes can be:

- link flapping issue triggering packet to take another part

- that in turn can cause STP loops

- If in case you are using Windows Server 2003, & to get rid of this pesky MAC address that keeps appearing across your MAC  tables you need to go to Network adapter settings -> highlight your adapter --> right click --> Properties--> and Untick 'Network Load Balancing'.

Can you please share the config of these respective ports for me?

HTH

Regards

Inayath

Community Member

Dear Inayath, Here is the

Dear Inayath,

 

Here is the ports config:

 

switchsdbud01#sh run interface FastEthernet 0/10
Building configuration...

Current configuration : 84 bytes
!
interface FastEthernet0/10
 switchport access vlan 2
 spanning-tree portfast
end

switchsdbud01#sh run interface FastEthernet 0/24
Building configuration...

Current configuration : 84 bytes
!
interface FastEthernet0/24
 switchport access vlan 2
 spanning-tree portfast
end

Aug 29 12:21:28.247: %SW_MATM-4-MACFLAP_NOTIF: Host e02f.6dc1.b0f8 in vlan 2 is flapping between port Fa0/10 and port Fa0/24

MAC address  e02f.6dc1.b0f8 is connected to Fa0/24.

 

There is only one switch and there are no physical loops.

On port Fa0/10 there is a Windows 7 PC.

 

What do you mean with "link flapping issue triggering packet to take another part" ?

 

thanks,

 

Paolo

 

 

 

 

Cisco Employee

Few things to check;1- you


Few things to check;
1- you said the mac address which we are seeing is connected to port F0/24 what is connected to port F0/10.
2- can you please do sh mac address-table interface f0/10 & f0/24.
3- could you please check if the windows pc have 2 nic card and by mistake someone connected the link to both the ports on the same switch/

HTH

Inayath

Community Member

Can you execute this check

Can you execute this check and reply the result of the command ?

 1) show mac address-table on interface Fa0/10 and Fa0/24

 2) show mac address-table mac address e02f.6dc1.b0f8

 3) on the router execute show ip arp

 4) on the pc execute ping to the address of the router

Community Member

Here we are: switchsdbud01

Here we are:

 

switchsdbud01#show mac address-table interface FastEthernet 0/10
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   2    6c3b.e50e.0e37    DYNAMIC     Fa0/10
Total Mac Addresses for this criterion: 1
switchsdbud01#show mac address-table interface FastEthernet 0/24
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   2    e02f.6dc1.b0f8    DYNAMIC     Fa0/24

 

r-sdbud#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.124.0.101            0   6c3b.e50e.0e48  ARPA   GigabitEthernet0/0
Internet  10.124.0.103            0   6c3b.e50e.0e2d  ARPA   GigabitEthernet0/0
Internet  10.124.0.104            0   6c3b.e50e.0e37  ARPA   GigabitEthernet0/0
Internet  10.124.0.105            0   6c3b.e50f.4ddb  ARPA   GigabitEthernet0/0
Internet  10.124.0.190           15   9c8e.9950.73e2  ARPA   GigabitEthernet0/0
Internet  10.124.0.194            0   000c.296c.3e63  ARPA   GigabitEthernet0/0
Internet  10.124.0.199            1   000c.29d4.6ca4  ARPA   GigabitEthernet0/0
Internet  10.124.0.241          215   04da.d270.7541  ARPA   GigabitEthernet0/0
Internet  10.124.0.254            -   e02f.6dc1.b0f8  ARPA   GigabitEthernet0/0

 

Ping from the PC is successful

 

 

 

Community Member

You need to execute the

You need to execute the following command ;

 

show mac mac-address-table e02f.6dc1.b0f8

From your result, i think that there isn't problem. The router is on the Fa0/24 and the PC is on the router Fa0/10. In your switch, do you have a instruction as below :

arp 10.124.0.254 e02f.6dc1.b0f8  ARPA

 

 

Community Member

switchsdbud01#show mac

switchsdbud01#show mac address-table | incl e02f.6dc1.b0f8
   2    e02f.6dc1.b0f8    DYNAMIC     Fa0/24

 

Has I told, this warning happen sometimes and not continuously.

Moreover on yesterday I had a VERY bad log regarding this matter:

 

Sep  2 08:30:27.415: %SW_MATM-4-MACFLAP_NOTIF: Host e02f.6dc1.b0f8 in vlan 2 is flapping between port Fa0/10 and port Fa0/24
Sep  2 12:03:52.507: %SW_MATM-4-MACFLAP_NOTIF: Host e02f.6dc1.b0f8 in vlan 2 is flapping between port Fa0/7 and port Fa0/24
Sep  2 12:04:09.964: %SW_MATM-4-MACFLAP_NOTIF: Host e02f.6dc1.b0f8 in vlan 2 is flapping between port Fa0/7 and port Fa0/24
Sep  2 12:19:59.226: %SW_MATM-4-MACFLAP_NOTIF: Host e02f.6dc1.b0f8 in vlan 2 is flapping between port Fa0/11 and port Fa0/24
Sep  2 13:07:22.042: %SW_MATM-4-MACFLAP_NOTIF: Host e02f.6dc1.b0f8 in vlan 2 is flapping between port Fa0/10 and port Fa0/24
Sep  2 13:07:55.647: %SW_MATM-4-MACFLAP_NOTIF: Host e02f.6dc1.b0f8 in vlan 2 is flapping between port Fa0/10 and port Fa0/24
Sep  2 13:08:03.062: %SW_MATM-4-MACFLAP_NOTIF: Host e02f.6dc1.b0f8 in vlan 2 is flapping between port Fa0/10 and port Fa0/24
Sep  2 14:26:52.272: %SW_MATM-4-MACFLAP_NOTIF: Host e02f.6dc1.b0f8 in vlan 2 is flapping between port Fa0/7 and port Fa0/24
Sep  2 14:35:08.609: %SW_MATM-4-MACFLAP_NOTIF: Host e02f.6dc1.b0f8 in vlan 2 is flapping between port Fa0/9 and port Fa0/24
Sep  2 14:42:40.967: %SW_MATM-4-MACFLAP_NOTIF: Host e02f.6dc1.b0f8 in vlan 2 is flapping between port Fa0/9 and port Fa0/24

 

All ports were PCs are connected showed the router MAC address and there was a massive Flap.

Regarding your question,

No, there is not a static ARP entry for this MAC address / Port... but this is L2 switch and this entry may not affect the normal switch operations.

Paolo

 

 

Cisco Employee

could you please check if

could you please check if this is happening with only one host? or if you remove this host and  connect any other laptop you see the similar behaviour?

 

Community Member

Can you try to execute the

Can you try to execute the following step :

1) You must execute the telnet to the router and you can execute the ping the 10.124.0.104 with the command :
 ping 10.124.0.104 repeat 1000
2) You must execute the telnet on your host and ping the 10.124.0.254 with the command :
 ping 10.124.0.104 -t if the OS is Windows or
 ping 10.124.0.104 if the OS is Unix
3) You must execute the telnet on your switch and you must verify the log about the MACFLAP

Can you post the config about your interface of the router ?

Can you modify the configuration about your switch on the port Fa0/24 and put the port in trunk with only vlan 2 ?

 

Community Member

1) Successfull2) Successfull3

1) Successfull

2) Successfull

3) No MAC Flap, as I told it is something that happen in an unpredictable way.

 

interface GigabitEthernet0/0
 description LAN interface
 ip address 10.124.0.254 255.255.255.0
 ip access-group FASTENTERING in
 ip access-group FASTEXITING out
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto

 

As you see, port is not a trunk and even in the switch it is simple access on vlan 2.

 

Vlan 1 is not used at all.

 

interface FastEthernet0/24
 switchport access vlan 2
 spanning-tree portfast
end

 

Paolo

 

 

Cisco Employee

Whats the reason to have

Whats the reason to have portfast configuration on the port which is connecting to the router?

 

Community Member

Router is an host for the

Router is an host for the switch.

Since there are no loops, it let the link go in forwarding state faster.

I tried with or without this porfast. It doesn't change the behaviour.

 

Paolo

Community Member

The switch is a Cisco vendor

The switch is a Cisco vendor ? If yes you can enable the DAI (Dynamic Arp Inspection) ?

Community Member

Can you please give me some

Can you please give me some guidelines that will only log warnings instead of block?

It is a 2960.

Thanks,

Paolo

 

Community Member

if you want, you must enable

if you want, you must enable the DAI on all switch in your lan environment. On all port of the switch where there is the trunk you must configure the port as trusted. See this document :

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SXF/native/configuration/guide/swcg/dynarp.pdf

 

Community Member

1) On F0/10 there is a

1) On F0/10 there is a Windows 7 PC.

2)

switchsdbud01#show mac address-table interface FastEthernet 0/10
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   2    6c3b.e50e.0e37    DYNAMIC     Fa0/10
Total Mac Addresses for this criterion: 1
switchsdbud01#show mac address-table interface FastEthernet 0/24
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   2    e02f.6dc1.b0f8    DYNAMIC     Fa0/24

 

3) The PC has just one nic.

 

thanks,

Paolo

1135
Views
0
Helpful
18
Replies
CreatePlease to create content