Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Mac flapping

Two clients (PC's) -> 2960 -> WGB (1242) -> LWAPP (1131) -> 4505 -> WLC

I have two clients (Fa0/1 & Fa0/5) on a 2960 switch and one WGB (1242) connected on Gi0/1 of the same switch. The WGB thats connected to my switch and supports my two clients connects to an LWAPP (1131). I am getting the following error message on the 2960 connected to the WGB:

%SW_MATM-4-MACFLAP_NOTIF: Host xxxx.xxxx.abcd in vlan 20 is flapping between port Gi0/1 and port Fa0/5

%SW_MATM-4-MACFLAP_NOTIF: Host xxxx.xxxx.dcba in vlan 20 is flapping between port Gi0/1 and port Fa0/1

The WGB does not roam. I've tried several different laptops, different 2960's and multiple IOS versions. Any ideas on this?

7 REPLIES
VIP Purple

Re: Mac flapping

HI Jay,

A MAC Flap is caused when a switch receives packets from two different interfaces with the same source MAC address. If you are getting the behaviour for a lot of other MACs, that most likely is a layer 2 loop.

  • Check the network switches for misconfigurations that might cause a data-forwarding loop.
  • If you aren't running spanning-tree, turn it on.
  • To track down a loop, you start with the #show mac-address-table address [flapping mac] command
  • We see that the MAC is coming in on port gi0/1 - fa0/5 and gi0/1-fa0/1. One port will lead us to where that MAC is plugged in and the other will lead us to the loop. Pick a port and start working through.
  • Or Some load balancing techniques can send traffic to both ports, and that would cause the switch to go crazy, since it is receiving traffic from the same MAC on two or more different ports.
  • Fix this type of LB make it active/standby or make sure the server uses 2 different mac addresses, one per NIC

You can use port-security feature to avoid such kind of this issues,

Use the switchport port-security interface configuration command without keywords to enable port security on the interface. Use the keywords to configure secure MAC addresses, sticky MAC address learning, a maximum number of secure MAC addresses, or the violation mode.

Use the no form of this command to disable port security or to set the parameters to their default states.

switchport port-security [aging] [violation {protect | restrict | shutdown | shutdown vlan}]

Hope it helps.

Regards

Community Member

Re: Mac flapping

Thanks for the reply sandeepchoudhary21,

Even if I use a single client on the switch, it always flapps with the Gi0/1 interface connected to the WGB. I'm not using etherchannels and spanning-tree is turned on. If I unplug the 2960 connected to the WGB and connect it to a switch on the same network all mac flapping stops. If I plug a single client into the WGB without using the switch, all mac flapping stops. If I unplug all clients and leave just the switch connected to the WGB, all mac flapping stops.

1 client -> 2960 -> WGB -> LWAPP -> Core --- mac flapping

1 client -> WGB -> LWAPP -> Core --- no flapping

2960 -> WGB -> LWAPP -> Core --- no flapping

1 client -> 2960 -> 2960 -> Core --- no flapping

VIP Purple

Re: Mac flapping

Normally WGB advertise its bridge table via IAPP to upstream device. I think when bridge table ageout, it will learn the MAC address from upstream.

If you could try adding permenant entry on your WGB for the client behind WGB we can confirm this. You can use follwing CLI syntax to do this. "show bridge" output in your WGB will give you necessary detail to configure it

bridge  address  forward 

Give it a try & see whether it helps

Also read these two post which may help you as well.

http://mrncciew.com/2013/06/16/ios-ap-wgb-with-multiple-vlan/

http://mrncciew.com/2013/06/16/unified-ap-wgb-with-multiple-vlan/

HTH

Rasika

**** Pls rate all useful responses ****

Community Member

Re: Mac flapping

Thanks for the reply rasikanayanajith,

I added the static mac entry into the WGB for the client that was mac flapping on the 2960. I let the command run overnite to see if it helped. It did seem to supress the flapping however every hour it flapped then 20 minutes or so it flapped again. This continued all through the night and untill I arrived. Different clients (laptops) I've tested however flapped at different rates. However I noticed I added the mac of the client in the WLC because we use mac-filtering for this WLAN. As soon as I took the clients mac out of the WLC all traffic stopped. I then took the no bridge 1 address xxxx.xxxx.xxxx forward Fa 0.20 command out and the client resumed connectivity with mac flapping. 

Is there something I need to try on the WLC or LWAPP ap I'm connected to?

Message was edited by: John Martin

VIP Purple

Re: Mac flapping

Hi John,

Is it possible to test this with a WLAN which is not using MAC Filterning. I would like to test whether  adding the client MAC address in WLC MAC-Filtering table could cause this ?

HTH

Rasika

**** Pls rate all useful responses ****

Community Member

Mac flapping

Rasika,

I tried it on another WLAN that does not have mac-filtering at the WLC level. I'm still getting the same issue. Should I try a static mac for the clients port on the 2960 instead?

Community Member

Re: Mac flapping

I found two ways to resolve the issue. The first fix was a static mac entry mac address-table static xxxx.xxxx.xxxx vlan 20 interface fastEthernet 0/5. We did not go with this option because different wired clients will be moving on and off switch. So the second option that fixed the mac flapping and is more versatile was the following port level security commands below:

interface FastEthernet0/5

switchport access vlan 20

switchport mode access

switchport port-security maximum 1 vlan access

switchport port-security

969
Views
0
Helpful
7
Replies
CreatePlease to create content