cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1262
Views
1
Helpful
13
Replies

Network Loop

remmus
Level 1
Level 1

I'm having a problem with my current network. currently we are experiencing a network loop. here is a part of the log.

0000.e24c.f463 has moved from port 22 to port 20 in vlan1

%RTD-1-ADDR_FLAP: FastEthernet0/19 relearning 5 addrs per min

Port 19 is connected to our firewalls internal interface, and as indicated from the recommended way to find the source port, here is what comes out of the log."http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a008007e927.html"

switch # debug ehternet-controller addr

May 1 03:52:33.454 UTC: 0000.e24c.f463 has moved from port 29 to port 20 in vla

n 1

May 1 03:52:33.454 UTC: Add address 0000.e24c.f463, on port 22 vlan 1

May 1 03:52:33.459 UTC: 0000.e24c.f463 has moved from port 20 to port 22 in vlan 1

May 1 03:52:34.009 UTC: Add address 00b0.d0d2.933e, on port 29 vlan 1

May 1 03:52:34.649 UTC: Add address 0006.5b1f.bedc, on port 29 vlan 1

May 1 03:52:37.391 UTC: Add address 0000.e24c.f463, on port 20 vlan 1

May 1 03:52:37.391 UTC: 0000.e24c.f463 has moved from port 22 to port 20 in vlan 1

unfortunately, there is no i don't know what the port here means. My switch only has 24 ports so I'm wondering why there is a port 29 in the log.

May 1 03:52:42.792 UTC: Add address 00c0.4f18.b9fb, on port 29 vlan 1

May 1 03:52:43.400 UTC: Add address 0000.e24c.f463, on port 20 vlan 1

May 1 03:52:43.400 UTC: 0000.e24c.f463 has moved from port 22 to port 20 in vlan 1.

I hope you guys can help me on this.

Any help is much appreciated.

Thanks.

13 Replies 13

milan.kulik
Level 10
Level 10

Hi,

it seems to me like the debug output might be using ifIndex (see http://www.cisco.com/warp/public/477/SNMP/snmp_ifIndex40700.pdf) instead of the interface name.

Regards,

Milan

I see this all the time in our warehouses as wireless devices move between access points that connect to different distribution switches. In that case its normal. look in the arp table on the gateway router and find out what these devices are.

Sad to say I don't have any wireless device here in my turf. just plain cisco switches and workstations. Thanks for the help. I'm trying to narrow down the error to some switches only.

All it takes is for someone to move their laptop to a conference room or some other location that what put them on a different switch. It would still help to identify the hosts.

If you really think its a switching issue then you need to look at the switch topology and see if you have any uncontrolled loops.

vincent-n
Level 3
Level 3

From your output I can see that the MAC address 0000.e24c.f463 is looping between port 20 and 22 in a regular interval timestamps. I definitely think that you have a looping problem here I would suggest the following:

1. Carry out "show cdp neigh" on your 24 ports switches and work your way around the switches and see if there are loops or not. Draw yuor LAN topology as accurate as you can (including the physical port number).

2. If there are no loop in your switches then I think the problem is due to dual NIC installed in a PC that is connected to port 20 and 22 on your 24 ports switch.

Good luck.

I have seen this same message in our network. I've drawn out

the network and there are no dual connections between the

two switches where the actual machine is and the reported port

where the switch is hearing the 2nd announcement. The

machine was moved from one location to another in a building

across the street. It's been there for months.

Same here. I opened a case with TAC and, basically, it was

determined that this was normal behavior on the 2900xl FEC

implementation. The developers should have shut these messages

off. I just ignore them.

Are you running VLANs on those switches, and how many?

What are the loads on those switches? If you are hitting extremely high loads, the switch may go into full-flood mode, basically emulating a hub with no regard to VLAN settings (all traffic out all ports).

Not necessarily a likely scenario, but possible.

Good Luck

Scott

no VLANs whatsoever. All switches are running w/ their standard configurations. Do you guys think that the TACACS configuration could be causing overhead on the switches? Does VTP mode become a factor here, like all switches are running in VTP Server mode.?

Well, I don't think it has anything to do with TACACS config. Have you looked if there isn't a device on your net that does proxy-ARP? Cause that could give a lot of problems simular to this one. I had a simular problem ones when a incorrectly configured PIX firewall did porxy-ARP for all inside adresses. Also had a simular problem with some PDA's, which did proxy all HSRP hello packets from the backbone routers.

My advice would be to grab a sniffer and see what kind of traffic is giving this behavior. Hope this helps.

Regards,

Leo

Hi all,

I have setup a sniffer and found what the hopping address is. The Mac address belongs to our DHCP Server

May 1 03:52:33.454 UTC: Add address 0000.e24c.f463, on port 22 vlan 1

May 1 03:52:33.459 UTC: 0000.e24c.f463 has moved from port 20 to port 22 in vlan 1

what do I do next ? Do i Have to unplug the server from the network? Does this mean that this is the source of the loop.

Hi,

Which interface is your DHCP server connected to?

If it is interface 22, then go and have a look to the equipment on interface 20, cause there propably is another device proxy-ARP'ing on that interface (Proxy-ARP for the DHCP server IP address). *and off course the other way around if your DHCP server is on interface 20

Or could it be that your DHCP server has two interfaces connected to interface 20 and 22?

What clearly is happening on your switch is that the swictch sees the source MAC address 0000.e24c.f463 on both interface 20 and interface 22. If possible, let us know what is connected to these interfaces, and take a look at these components attached to them (one of them could be your DHCP server). Specially look at these components to see what the MAC adresses it should use (for example, on windows200 you would use ipconfig /all to determine this).

Still sounds like a Proxy-ARP issue to me, or some redundant connected divice, which does not understand STP or something like that. Not really a problem with your switch, if you asked me.

Hope this helps,

Leo

johnthanmoor
Level 1
Level 1

Hi, I worked on a problem with similar symptoms caused by a FEC missmatch where the server was configured as a 2 Port FEC for fault tollerance (Intel ANS) but the switch end was not. This created a lot of CAM state changes much like you are experiencing.

Thx, J.

Review Cisco Networking for a $25 gift card