Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2793
Views
10
Helpful
7
Replies

MAC address Flapping between 2 ports in switch

Go to solution
W-ALI
Level 1
Level 1

‎12-28-2022 12:02 AM

Hello All,

I found Fluctuating Performance just  in 1 switches (C2960) connected with PCs by F0/X ports and connected to core-Switch by up-link G0/1,

the effected PCs , just on this switches , no issue with other switches with same VLAN

as per attached print-screen there's MAC flapping between the up-link  and PC connected to port F0/1(OS windows7)

this mac related to interface VLAN created on Core-Switch

# show interfaces vlan 5
Vlan5 is up, line protocol is up
Hardware is EtherSVI, address is 001a.a2ad.9147 (bia 001a.a2ad.9147)


I think that's mean there's MAC spoofing attack .

my questions :

- does that mean there's some one use attacking tools , or maybe there's network virus ?

- does there any solution on switch to avoid that in future except the port security ?

flapping-2.png

 

 

Labels:
Preview file
451 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
MHM Cisco World
VIP
VIP
In response to W-ALI

‎12-28-2022 05:53 AM - edited ‎12-28-2022 06:34 AM

if this is SVI of VLAN is GW then you can under hack, the PC want to change the port of MAC of GW to be through it, and hence can sniff all data toward the GW. 
what you need is DAI, which block any MAC-IP from port that not match DHCP or match DAI static ACL. 

View solution in original post

7 Replies 7

Go to solution
MHM Cisco World
VIP
VIP

‎12-28-2022 03:20 AM

If this MAC is for VLAN then check if you assign same IP for SVI of VLAN in Access and Core.  

0 Helpful

Go to solution
W-ALI
Level 1
Level 1
In response to MHM Cisco World

‎12-28-2022 05:28 AM

NO

not assign same IP

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to W-ALI

‎12-28-2022 05:33 AM

if you run VM then it can happened that the broadcast is flood between the two ports of VM and hence you get this flapping message. 
check if your user is connect to Core SW also. 

0 Helpful

Go to solution
W-ALI
Level 1
Level 1
In response to MHM Cisco World

‎12-28-2022 05:50 AM

No VM connected on this switch , the port F0/1 connected to PC (OS windows 7)

not all users on  VLAN 5 effected , just whom connected to this switch.

does there any virus can do that?

Go to solution
MHM Cisco World
VIP
VIP
In response to W-ALI

‎12-28-2022 05:53 AM - edited ‎12-28-2022 06:34 AM

if this is SVI of VLAN is GW then you can under hack, the PC want to change the port of MAC of GW to be through it, and hence can sniff all data toward the GW. 
what you need is DAI, which block any MAC-IP from port that not match DHCP or match DAI static ACL. 

Go to solution
W-ALI
Level 1
Level 1
In response to MHM Cisco World

‎12-28-2022 07:06 AM

yes I agree with you , thank you very much.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to W-ALI

‎12-28-2022 07:07 AM

You are so so welcome 

0 Helpful
Customers Also Viewed These Support Documents