Hi Mark,

no they are all wired.

The interesting thing is: I can see the Mac flapping in the loggs, i have some timeouts, did an ip scan on all subnets seperated but i cant find an IP matching to the mac....

Hi I did see an issue before with faulty NIC causing something like this

instead of port scan try and  trace the mac at layer 2 see where its coming from on the switch itself , where its being learnt in , if its on the CAM table and logs it has to be somewhere on the switch or devices

example

#sh mac address-table address f01f.af60.9730

Legend: * - primary entry
        age - seconds since last seen
        n/a - not available
        S - secure entry
        R - router's gateway mac address entry
        D - Duplicate mac address entry

Displaying entries from active supervisor:

     vlan   mac address    type   learn    age                 ports
----+----+---------------+-------+-----+----------+-----------------------------
*     164 f01f.af60.9730  dynamic  Yes       10     Gi7/20

Displaying entries from standby supervisor:

     vlan   mac address    type   learn    age                 ports
----+----+---------------+-------+-----+----------+-----------------------------
      164 f01f.af60.9730  dynamic  Yes      120     Gi7/20

Hi Marc,

i tried it and got this result:

138 0800.069d.3841 dynamic Gi1/0/19

Hi Marc,

it is physical linked to a different vlan (137) on port Gi1/0/10 (edit: with a different ip address)

The mac, what i can see from IP scan and Mac, which should be connected to port 19 is a different one. See attached file

Ok so there is 2 physical links for that device 1 connecting to port 19 and 1 connecting to port 10 is that correct ?

 if that's the case the MAC could be broadcasting out at layer 2 out to both interfaces telling the switch its being learnt in from its seeing it multiple ports which would cause mac flap alerts

when you check the actual port mac what does it see on the cli a the mac being learnt in from port 10 with the show mac address .....

to me this looks like some vendor issue with the nics and how they are speaking to other , it may be legitimate how they do this and they may have to do this , MAC flaps do not always mean theres a problem its more informational for the engineer to check incase there is an issue , if you have multiples aps on 1 switch with users roaming you can see the same alerts in logs warning you but its not necessarily an issue so main question .. is this causing an operational issue at user level ?

You can stop it floofing your logs with no mac-address-table notification mac-move if its not causing an issue

right,

we have some field devices for processing which Show this Problem and getting timeouts.

i tried the

#sh mac address-table address f01f.af60.9730

again with both mac addresses which i was expecting from the two nics of that device.

Both are right. On port 10 and on port 19.

In Addition to that i see the mac 0800.069d.3841 jumping from port to port (16/17/18/19/21) see atached file.

It should not be doing that , that's a vendor issue MACs are broadcast from the NIC the switch adds it wherever it learns it so its doing what it should be in theory  , you need to pass that to the vendor that the device is off and tell them its being dynamically learned in multiple ports from there devices which is causing intermittent issues , you have the proof there from your last screenshot

One thing that might quickfix is it , is make the mac static so it cant be learned dynamically through the ports , so the switch believes it belongs to 1 port only

example

mac address-table static 0000.0000.0001 vlan x interface gx/x

That could be a quickfix for this issue.

I crosschecked it and we have this kind of issue in different areas. In all other area it is also working with this kind of mac flap. Not in this amount (between 5 Ports, only 2 Ports).

I need to figure out why i have this timeouts for this devices. Even some server having this issue with the timeout.

 Ithought it was the flapping but as yoou said before it is just a hint and not an error

The Problem is that i dont know the device of that mac 0800...... i just know that this is flapping. The orignial nics, connected at our devices are located on the right port on the switch. in addition to that there's one mac flapping over all ports -.-

 But i think you are right. I'll try to get the vendor 🙂

Cool if you don't mind and you get a fix please post back im very interested now on what could be causing this

Hey @Mark Malone 

How can we fix it? Is this normal? I'm having same logs on my switch. They're all wifi users and I'm running STP RSTP.