Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4402
Views
0
Helpful
6
Replies

MAC flapping between port

LittleApple
Level 1
Level 1

‎07-06-2020 08:43 PM

I am keep receiving a MACFLAP notification from switch log.

Po1 is uplink and Gi0/6 connecting with an AP which facing wireless partition, and the MAC addresss xxxx.xxxx.xxxx is my gateway MAC address and I prefer it go through interface Po1. But I cannot identify what device connecting through wireless that cause this problem.

Now I had added a static binding to solve this problem, but any idea that can be better to solve this issue ? Thank you.

"mac address-table static xxxx.xxxx.xxxx vlan 94 interface Port-channel1"

I had tried to added below mcl but seem not work.

mac access-list extended block
deny any host xxxx.xxxx.xxxx
deny host xxxx.xxxx.xxxx any
permit any any
!
interface GigabitEthernet0/6
mac access-group block in

 

 

.Jul 7 11:21:45 HKG: %SW_MATM-4-MACFLAP_NOTIF: Host xxxx.xxxx.xxxx in vlan 94 is flapping between port Gi0/6 and port Po1
.Jul 7 11:22:01 HKG: %SW_MATM-4-MACFLAP_NOTIF: Host xxxx.xxxx.xxxx in vlan 94 is flapping between port Gi0/6 and port Po1
.Jul 7 11:22:16 HKG: %SW_MATM-4-MACFLAP_NOTIF: Host xxxx.xxxx.xxxx in vlan 94 is flapping between port Gi0/6 and port Po1
.Jul 7 11:22:31 HKG: %SW_MATM-4-MACFLAP_NOTIF: Host xxxx.xxxx.xxxx in vlan 94 is flapping between port Gi0/6 and port Po1
.Jul 7 11:22:47 HKG: %SW_MATM-4-MACFLAP_NOTIF: Host xxxx.xxxx.xxxx in vlan 94 is flapping between port Gi0/6 and port Po1
.Jul 7 11:23:12 HKG: %SW_MATM-4-MACFLAP_NOTIF: Host xxxx.xxxx.xxxx in vlan 94 is flapping between port Gi0/6 and port Po1
.Jul 7 11:23:15 HKG: %SW_MATM-4-MACFLAP_NOTIF: Host xxxx.xxxx.xxxx in vlan 94 is flapping between port Gi0/6 and port Po1

Labels:
0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎07-07-2020 12:38 AM

It is very normal on the switch to display this mac flapping message if APs are connected to the switch port. The reason for this is due to the fact that switch learns of a particular clients mac from one particular port to which the AP is connected to. Now when the wireless client roam to other AP.

 

we need to look is there any impact on the services, if not we need to ignore this message.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

LittleApple
Level 1
Level 1
In response to balaji.bandi

‎07-07-2020 06:43 PM

I think my situation is different with what you are talking. In my situation the flapping MAC is not belong to a wireless client and I am sure that the flapping MAC is belong to my network gateway. In normal situation, the MAC can only come through from the interface Po of switch and it can't be come from Gi0/6. So, I guess there might a client connected a unknown device that cause the gateway MAC address also loop from wireless side interface.
So, my question is if there is any best practice that can block the gateway MAC come from AP instead of adding a static MAC binding in the switch ? I just added a static binding in the switch which facing the AP and the log messages stopped, but the flapping log still occur in the inter-switch which beteen the access switch and gateway. And I am not prefer to add a MAC binding in each inter-switch. Thanks.

router gateway<------> inter-switch <------> Po1 switch Gi0/6 <------> AP
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to LittleApple

‎07-08-2020 12:36 AM

is this known MAC Address which can be traced? or unknown here?

 

Do you have in the network any other path or dual connected anywhere, you see other than mentioned in the diagram flow you mentioned in the post.

 

can you please give us more details about the device, AP model, Switch, Interswitch, router model along with version of code running.

 

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

LittleApple
Level 1
Level 1
In response to balaji.bandi

‎07-08-2020 01:00 AM

It is a known MAC address and can be traced. The AP between gateway just a L2 trunk and the AP is a third party AP, I am sure it doesn't form a loop topology within my known network devices.
I expected there are wireless client connected to the AP only. But I am not sure if there is any unauthorised device connected to the AP that casue the gateway MAC address flapping.
I am sure this issue occur in some day and it doesn't happen before, because I am keep track on the logging.

router gateway<------> inter-switch <------> Po1 switch Gi0/6 <------> AP
0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to LittleApple

‎07-08-2020 02:05 AM

Hello @LittleApple ,

to see the gateway MAC address as source on the AP port and causing so the flapping there should be a device that is performing bridging between the wired interface and the wireless one . In that case when the gateway makes an ARP request for example from the wired portion of the network the bridging device can propagate it to the wireless causing the flapping.

 

For the moment the static mapping is a good solution. You need to examine all the wireless clients and to see if anyone is also bridging with the wired network.

 

Hope to help

Giuseppe

 

0 Helpful

LittleApple
Level 1
Level 1
In response to Giuseppe Larosa

‎07-08-2020 03:16 AM

Thank you for your replied. I am looking for if there is any prevention to avoid this situation instead of using static mapping as a temp solution.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card