Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

%SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe01 in vlan 122 is flapping between port Gi1/0/8 and port Gi1/0/5

These interfaces are connected to firewalls of nokia running IPSO and using VRRP for high-availability. Result of arp command is null.

Everyone's tags (6)
10 REPLIES
New Member

%SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe01 in vlan 122 is fla

Try using the global command:

mac address-table static 0000.0000.fe01 vlan 122 interface GigabitEthernet1/0/8 GigabitEthernet1/0/5

Sachin

New Member

%SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe01 in vlan 122 is fla

Hi Pramod,

Can you tell me where these MAC addresses are connected, if these are connected through Access points. When the device is roaming MAC Flap can happen

New Member

%SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe01 in vlan 122 is fla

Hi Ajay,

As mentioned - The connected device is firewall running Nokia IPSO - An OS for firewall.

And Aside.Sachin,

Do you want me to assign mac statically to those interfaces? Is it not a kind of firewall cluster advertisement.

New Member

%SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe01 in vlan 122 is fla

Yes. Statically assign a mac table entry for those interfaces. This is similar to the configuration that I had to do for Microsoft Load Balancing service.

Sachin

%SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe01 in vlan 122 is fla

Sganpat, so for Server Load Balancing schemes, if you experience MAC flaps, would it be best to do what you mentioned above?

Just mac a static MAC address entry for the VLAN going to two interfaces?

mac address-table static 01cc.01cc.01ce vlan 100 gi0/1 gi0/2 >>>> For Example

New Member

Re: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe01 in vlan 122 is

Yes. Only if the server load balancing uses a single MAC address, or multicast address.

See: http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080a07203.shtml

Sachin

New Member

%SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe01 in vlan 122 is fla

So, Is the 0000.0000.fe01 MAC address of FW Interface?

New Member

%SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe01 in vlan 122 is fla

No, it's not the FW interface. It's the interface for the Virtual IP for the two firewalls.

%SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe01 in vlan 122 is fla

Can you post a diagram of your config?

Sounds like there may be an issue with your VRRP config on the firewalls and both are acting as the Master meaning they are both responding to ARP requests for the VRRP virtual mac address.

New Member

%SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe01 in vlan 122 is fla

Difficult to post a daigaram. In brief - Even i was suspecting it to be VRRP issue in firewall. And even the MAC

0000.0000.fe01 might be of Virtual IP of firewall. Is it possible to elobrate with example from your end. That would ease in better understanding.

And sganpat - Its live scenario. Cant run command wihtout change approval.

2487
Views
0
Helpful
10
Replies