cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6221
Views
0
Helpful
12
Replies

%SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe01 in vlan 122 is flapping between port Gi1/0/8 and port Gi1/0/5

pramz087032
Level 1
Level 1

These interfaces are connected to firewalls of nokia running IPSO and using VRRP for high-availability. Result of arp command is null.

12 Replies 12

sganpat
Level 1
Level 1

Try using the global command:

mac address-table static 0000.0000.fe01 vlan 122 interface GigabitEthernet1/0/8 GigabitEthernet1/0/5

Sachin

Thank You.

I had the same problem and, these recomendation solve the problem. It was very helpfull !!!!!

 

 

 

Ajay Raj
Level 1
Level 1

Hi Pramod,

Can you tell me where these MAC addresses are connected, if these are connected through Access points. When the device is roaming MAC Flap can happen

Hi Ajay,

As mentioned - The connected device is firewall running Nokia IPSO - An OS for firewall.

And Aside.Sachin,

Do you want me to assign mac statically to those interfaces? Is it not a kind of firewall cluster advertisement.

Yes. Statically assign a mac table entry for those interfaces. This is similar to the configuration that I had to do for Microsoft Load Balancing service.

Sachin

Sganpat, so for Server Load Balancing schemes, if you experience MAC flaps, would it be best to do what you mentioned above?

Just mac a static MAC address entry for the VLAN going to two interfaces?

mac address-table static 01cc.01cc.01ce vlan 100 gi0/1 gi0/2 >>>> For Example

Yes. Only if the server load balancing uses a single MAC address, or multicast address.

See: http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080a07203.shtml

Sachin

So, Is the 0000.0000.fe01 MAC address of FW Interface?

No, it's not the FW interface. It's the interface for the Virtual IP for the two firewalls.

devils_advocate
Level 7
Level 7

Can you post a diagram of your config?

Sounds like there may be an issue with your VRRP config on the firewalls and both are acting as the Master meaning they are both responding to ARP requests for the VRRP virtual mac address.

Difficult to post a daigaram. In brief - Even i was suspecting it to be VRRP issue in firewall. And even the MAC

0000.0000.fe01 might be of Virtual IP of firewall. Is it possible to elobrate with example from your end. That would ease in better understanding.

And sganpat - Its live scenario. Cant run command wihtout change approval.

Hello

Are you using nat?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Review Cisco Networking for a $25 gift card