Host mac id is flapping between multiple ports message is showing

13jobsp90 · ‎03-19-2025

Some switches are getting the log messages Host mac id is flapping between multiple ports. Below is the sample output. Is it layer 2 looping? If so how do I find the root cause for this? Why it started and how it began?It is showing in the neighboring switches as well. So i dont where to begin? Pls help me. Switch models all are Cisco 2960S.

Mar 15 16:09:46.744: %SW_MATM-4-MACFLAP_NOTIF: Host c85a.cf0f.ba31 in vlan 82 is flapping between port Gi1/0/47 and port Gi1/0/32

Mar 15 16:09:48.081: %SW_MATM-4-MACFLAP_NOTIF: Host 0009.1844.f6bf in vlan 15 is flapping between port Gi1/0/47 and port Gi1/0/48

Mar 15 16:09:48.280: %SW_MATM-4-MACFLAP_NOTIF: Host 6400.6a1a.0c5f in vlan 34 is flapping between port Gi1/0/47 and port Gi1/0/26

Mar 15 16:09:49.439: %SW_MATM-4-MACFLAP_NOTIF: Host 88ae.dd04.aa4f in vlan 34 is flapping between port Gi1/0/48 and port Gi1/0/47

Mar 15 16:09:50.477: %SW_MATM-4-MACFLAP_NOTIF: Host c85a.cf0f.ba31 in vlan 82 is flapping between port Gi1/0/47 and port Gi1/0/32

Mar 15 16:09:50.561: %SW_MATM-4-MACFLAP_NOTIF: Host f8bc.1263.b6c6 in vlan 37 is flapping between port Gi1/0/47 and port Gi1/0/48

marce1000 · ‎03-19-2025

- A common approach is to lookup the vendor belonging to the MAC address(es) : https://macvendors.com/
Then a rule of thumb is , if these are from different vendors or random vendors, then you probably have a loop.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

13jobsp90 · ‎03-19-2025

I know that some are desktop pcs and camera. How will I identify it?

marce1000 · ‎03-19-2025

- @13jobsp90 : So there probably is a loop , tracking down the cause can be difficult ; what I used to do is to look at the switch sending these messages or the switch sending most of the messages. Then I disabled its uplinks on the core to isolate it from the rest of the network. If the mac flapping stopped on the rest of the network, then the cause of the loop is on that switch.
Further disable port Gi1/0/47 and let the switch loose again on the network , if that helps then you must investigate the connection
and what has been done with it. Check malicious use, intended or not.
I once has a platform where someone accidently looped a connection between outlets instead of connecting them
to devices and the bpduguard would not work on that platform.
Investigate this or other possible scenario's

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

13jobsp90 · ‎03-19-2025

Even if i find the switch for that, how will I identify what is the reason for loop?

Leo Laohoo · ‎03-19-2025

Someone has installed a hub or a switch and has looped the network.

marce1000 · ‎03-20-2025

- @13jobsp90 I already provided one example which could cause a loop ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

sdroy · ‎03-19-2025

MAC address flapping between ports typically indicates a Layer 2 loop, often caused by misconfiguration or redundant connections in the network. Start by checking the affected MAC addresses with show mac address-table to trace their source and use show spanning-tree to ensure STP is properly configured and operating as expected. Examine the physical connections on the involved ports for any improper cabling or loops. Address redundant links by correcting STP settings or removing unnecessary connections, and consider enabling BPDU Guard on access ports to prevent accidental loops.

Shuvodip Roy