Cisco Support Community
Community Member

%SW_MATM-4-MACFLAP_NOTIF: Host 3270.990a.a504 in vlan 125 is flapping between port Fa0/21 and port Gi0/1

%SW_MATM-4-MACFLAP_NOTIF: Host 3270.990a.a504 in vlan 125 is flapping between port Fa0/21 and port Gi0/1

Please suggest me how can i fixed it ?

Cisco Employee

%SW_MATM-4-MACFLAP_NOTIF: Host 3270.990a.a504 in vlan 125 is fla

There are lots of thread discussing about this, you should do a search before creating a new post.

Anyway, this is how you approach these types of flapping:

1. Is the the given MAC flapping in the log flapping only 1 time or you see it multiple times over a reasonobly short time?

  If you see it only once or once every 2-3 hours this might be not an issue worth being investigated. Sporadic one time flapping are expected in L2 broadcast domain.

If you see it often continue to step 2.

2. Identify and locate the flapping mac in vlan 125: 3270.990a.a504

Is the mac of a dual-homes server using some kind of load balancing algorithm (active/active) for which the same address is used from both NICs?

If yes, the message is not and issue but just an indication. Fix this type of LB (make it active/standby or make sure the server uses 2 different mac addresses, one per NIC) or if it is not possible leave it like this.

3. Is the MAC a the wireless NIC of a PC?

Make sure that the user was not moving from one AP to another (flapping is normal in this case)

4. If all previous answers are no start checking STP in vlan 125. Do you see an increasing number of TCNs  > type

show spanning-tree vlan 125 detail MULTIPLE TIMES and look for  topology changes number

VLAN0005 is executing the rstp compatible Spanning Tree protocol

  Bridge Identifier has priority 32768, sysid 5, address 0024.5043.c700

  Configured hello time 2, max age 20, forward delay 15, transmit hold-count 6

  We are the root of the spanning tree

  Topology change flag not set, detected flag not set

  Number of topology changes 1 last change occurred 3w0d ago   <<<<<<<

          from GigabitEthernet1/0/1          <<<<<<

  Times:  hold 1, topology change 35, notification 2

          hello 2, max age 20, forward delay 15

  Timers: hello 0, topology change 0, notification 0, aging 300

See if you have increasing TCN's and check if they are coming from the same interface.

From this point on you keep on troubleshooting STP until you find the offending link (likely going up and down) or the switch. You also need to check if STP in vlan125 is coherent with the actual L2 topology you have.


Community Member

Re: %SW_MATM-4-MACFLAP_NOTIF: Host 3270.990a.a504 in vlan 125 is

Thanks Riccardo for good response.

First thing i want to clear that Ports Fa0/1 & Gi 0/1 are exist one same switch. No dual server is connected to these port while port Gi0/1 connected to distribution switch & port Fa0/1 is connected to AP (AP7131 version, Motorola). Same issue(logs) occured with another APs ports which are directly connected with same Switch.

Yes i am agreed with your 3rd point.But i am not fully confident about the mac address that is mac of pc or any fake entry because no idea about the mac. When i have tried to findout the mac-add of PC but no such mac entry exist that time in switch. May be that time PC is not using Wireless connectivity.

1. Could you please explain briefly why these errors are generated with AP

2. How can i know that user is moving from one AP to another AP ?

3. How can i fixed it permanently ?

4. Would there be any impact on network these kind of errors ?

5. Any supporting documents of these kinds of errors.


Cisco Employee

Re: %SW_MATM-4-MACFLAP_NOTIF: Host 3270.990a.a504 in vlan 125 is


those are by no mean errors! they are informative messages which, in some circumnstances, can represent issues.

As I wrote in step 1, very first step is to determine how often you see a given mac flapping between 2 interfaces.

How often do you see that?

I am reiterating the concept as, according to your description, what you see can be pretty normal in your scenario.

Maybe it is worth clarifying that the message only means that a frame learned via Fa0/21 is now seen from Gi0/1. In static and stable networks traffic from a given host should always come from the same path and therefore should not be re-learned from another port. Every time a switch notices that a MAC which was previously learned from a port is now seen and learned from another one it trigeers that message as this behaviour might represent an ongoing L2 loop, but as I wrote this is not always true.

However since you have an AP connected to Fa0/21 it is likely that a host with mac 32:70:99:0a:a5:04 was connected to it for some time, and then it browsed and connected to another AP. This is why your switch started seeing traffic from that mac coming from a distribution/switch switch connected to gi0/1, as the l2 path changed.

I was not able to find the vendor of 32:70:99 as this is not an assigned OUI. Also since this is an unicast locally administered address it could besome kind of application/protocol using it.

What you have to do is

- Check in stable condition where this mac is learned from, that is following it switch by switch until you find the port. Since it comes from an AP most likely it is learned from the radio antenna of the AP. You need to check wheter this is an addressed learned over the radio or local to your motorola AP.

- Once you identify you you will be able to udnerstand why it flapped.

Having said that you will understand that the majority of your questions don't have too much sense now.. however

1. They are messages and not errors. see above why you see them.

2. Check on APs mac address table and see where that address is learned from. I don't know if your AP has some kind of mac notification feature logging all the changes. This is somethign you have to work out yourself. The focus is to first understand what is the mac address in the first place.

3. This question means nothing. If the flapping address is the mac of some kind of wireless NIC (laptop, smartphone etc.) you cannot prevent users from moving from a site to another. This is waht wireless networks are about. Still, sporadic flapping messages are expected as they just represent how the network is being utilized and you cannot fix them as there is nothing to fix.

4. The message itself has no impact. If they represent users moving from a wireless location to another there is no harm. If they are continuous and are not related to wireless networks they might indicate a L2 loop. To verify that you need to look for other symptoms which normally are associated with l2 loops: high cpu on the switches in the path, interface drops (on l2 and l3 interface, if present), increasing STP TCNs (not all the times),  unstable STP topology, unstable control plane, similar logs logged in all/many switches. Some or all symptoms can occurr.

5. plenty.... google it and spend some time reading the docs you find 


Community Member

%SW_MATM-4-MACFLAP_NOTIF: Host 3270.990a.a504 in vlan 125 is fla

Good answers Riccardo! 

I see these MACFLAP messages from time to time on networks with attached APs.  They are usually wireless clients, and they flap between the port with an AP attached, and the port with the wireless controller attached.  This makes sense, since wireless clients do roam from AP to AP, so their MAC will appear to float around from switchport to switchport.

Still, I wish there were some way to suppress these informational messages unless they happen a lot within a short period of time. "a lot" and "short" of course depend on your environment, but if I see more than a couple per second, lasting for a period of a minute, that would be a concern. Otherwise I don't want to see the messages in the log.

VIP Purple

%SW_MATM-4-MACFLAP_NOTIF: Host 3270.990a.a504 in vlan 125 is fla


Do you have stp loop prevnetion enable (bpduguard/loopguard,rootguard etc.)

What stp mode are you running?

Check your topology diagram and then on each interconect switch starting from the stp root and look for a interface that shouldn't be in a forwarding state, this error is possible due to a an loop forming.

sh int trunk

sh spanning-tree  vlan 125

Also check for any span sessions or bpdu filter ports

Lastly your interfaces where AP's are attached shouldn't be a trunked, they should be in access mode.

Also to temporary stop console mac flap messages

logging console 1



Please don't forget to rate any posts that have been helpful.


Please don't forget to rate any posts that have been helpful. Thanks.
CreatePlease to create content