12-05-2017 10:43 PM - edited 03-08-2019 01:00 PM
Hi,
Got this log entry, repeated many times:
Connectivity between the access switches (2950) and the firewall (HA active/passive). Please find the attached file.
.Nov 29 22:: %SW_MATM-4-MACFLAP_NOTIF: Host xxx9.xx09.0003 in vlan 2 is flapping between port Gi1/0/24 and port Gi1/0/22
.Nov 29 22:: %SW_MATM-4-MACFLAP_NOTIF: Host xxx9.xx09.0003 in vlan 4 is flapping between port Gi1/0/9 and port Gi1/0/22
.Nov 29 23:: %SW_MATM-4-MACFLAP_NOTIF: Host xxx9.xx09.0003 in vlan 3 is flapping between port Gi1/0/22 and port Gi1/0/24
.NOv 29 23:: %SW_MATM-4-MACFLAP_NOTIF: Host xxx9.xx09.0003 in vlan 4 is flapping between port Gi1/0/22 and port Gi1/0/9
2960S-SW2
.Nov 29 23:: %SW_MATM-4-MACFLAP_NOTIF: Host 0009.0f09.0003 in vlan 2 is flapping between port Gi1/0/12 and port Gi1/0/24
.Nov 29 23:: %SW_MATM-4-MACFLAP_NOTIF: Host 0009.0f09.0003 in vlan 3 is flapping between port Gi1/0/24 and port Gi1/0/10
Thanks
12-06-2017 12:34 AM
Hello,
This usually indicates some sort of network loop. What is connected to these three ports?
12-06-2017 05:55 PM - edited 12-06-2017 05:58 PM
Hi,
(1) ciscoSw1 port 9 === vlan 4 (access port) == DellSw1 port 45 (access port) (vlan 4 STP blocked port on ciscoSw1 port 24)
(2) ciscoSw2 port 12 == vlan 2 (access port) == DellSw1 port 48 (access port)
(3) ciscoSw2 port 9 == vlan 4 (access port) == DellSw2 port 45 (access port)
(4) ciscoSw2 port 10 == vlan 3 (access port) == DellSw2 port 48 (access port)
"The MAC address OUI 0009.0f is for Fortinet. Is this the MAC address of one of the firewalls?"
HA uses virtual MAC addresses.
Thanks
12-06-2017 08:14 AM
Hi,
Do you have Access Points connected in those ports?
Cheers,
Neo
12-06-2017 08:56 AM
12-06-2017 12:26 PM
The MAC address OUI 0009.0f is for Fortinet. Is this the MAC address of one of the firewalls?
The switch is reporting that a packet with the listed source MAC address has ingressed on a port, but that the MAC address was dynamically learned on a different port. Sometimes this can be a symptom of a switching loop, but not always.
I looked at the outputs you attached. It looks like packets with the Fortinet source MAC are coming in from G1/0/9, G1/0/12, and G1/0/10, which connect to the Dell switches. I would recommend checking the Dell switches to make sure they are not participating in a switching loop.
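To make the reading of these messages above concrete, here is a small added example (not code from the thread or from Cisco) that parses %SW_MATM-4-MACFLAP_NOTIF lines, counts flaps per MAC and VLAN, and separates the port that appears in every flap pair (where the MAC legitimately lives, e.g. the firewall-facing link) from the "stray" ports it keeps showing up on. The sample log is constructed from the lines in the first post, with the masked MAC written out as the unmasked one from the second switch, plus one unrelated constructed %LINK-3-UPDOWN line to show the filter; the OUI table holds only the Fortinet entry stated in this thread.

```python
import re
from collections import Counter

# Matches the IOS %SW_MATM-4-MACFLAP_NOTIF message shape shown in the thread.
FLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<p1>\S+) and port (?P<p2>\S+)",
    re.IGNORECASE,
)

# Only the OUI named in the thread; extend with your own table as needed.
OUI_VENDORS = {"00090f": "Fortinet"}

# Constructed sample input modelled on the two switch outputs in the first post.
SAMPLE_LOGS = {
    "2960S-SW1": """\
.Nov 29 22:: %SW_MATM-4-MACFLAP_NOTIF: Host 0009.0f09.0003 in vlan 2 is flapping between port Gi1/0/24 and port Gi1/0/22
.Nov 29 22:: %SW_MATM-4-MACFLAP_NOTIF: Host 0009.0f09.0003 in vlan 4 is flapping between port Gi1/0/9 and port Gi1/0/22
.Nov 29 23:: %SW_MATM-4-MACFLAP_NOTIF: Host 0009.0f09.0003 in vlan 3 is flapping between port Gi1/0/22 and port Gi1/0/24
.Nov 29 23:: %SW_MATM-4-MACFLAP_NOTIF: Host 0009.0f09.0003 in vlan 4 is flapping between port Gi1/0/22 and port Gi1/0/9
.Nov 29 23:: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/5, changed state to up
""",
    "2960S-SW2": """\
.Nov 29 23:: %SW_MATM-4-MACFLAP_NOTIF: Host 0009.0f09.0003 in vlan 2 is flapping between port Gi1/0/12 and port Gi1/0/24
.Nov 29 23:: %SW_MATM-4-MACFLAP_NOTIF: Host 0009.0f09.0003 in vlan 3 is flapping between port Gi1/0/24 and port Gi1/0/10
""",
}


def parse_flaps(text):
    """Yield (mac, vlan, (port_a, port_b)) for each MACFLAP_NOTIF line.
    The port pair is sorted so that A<->B and B<->A count as the same pair."""
    for line in text.splitlines():
        m = FLAP_RE.search(line)
        if m:
            pair = tuple(sorted((m.group("p1"), m.group("p2"))))
            yield m.group("mac").lower(), int(m.group("vlan")), pair


def vendor_of(mac):
    """Look the OUI (first three octets) up in the small table above."""
    return OUI_VENDORS.get(mac.replace(".", "")[:6].lower(), "unknown")


def analyze(text):
    """Summarise flaps per MAC: how often, on which VLANs, between which port pairs,
    which port is common to every pair (the anchor side) and which ports are stray."""
    per_mac = {}
    for mac, vlan, pair in parse_flaps(text):
        s = per_mac.setdefault(mac, {"count": 0, "vlans": set(), "pairs": Counter()})
        s["count"] += 1
        s["vlans"].add(vlan)
        s["pairs"][pair] += 1
    report = {}
    for mac, s in per_mac.items():
        pairs = list(s["pairs"])
        common = set(pairs[0]).intersection(*map(set, pairs[1:]))
        all_ports = set().union(*map(set, pairs))
        report[mac] = {
            "vendor": vendor_of(mac),
            "count": s["count"],
            "vlans": sorted(s["vlans"]),
            "pairs": dict(s["pairs"]),
            "common_ports": sorted(common),
            "stray_ports": sorted(all_ports - common),
        }
    return report


def stray_ports_by_switch(logs):
    """Per switch, the ports on which a flapping MAC unexpectedly appears; these
    links (here the Dell-facing access ports) are where to look for a loop first."""
    return {name: sorted({p for r in analyze(text).values() for p in r["stray_ports"]})
            for name, text in logs.items()}


if __name__ == "__main__":
    for switch, text in SAMPLE_LOGS.items():
        print(f"== {switch} ==")
        for mac, r in analyze(text).items():
            print(f"{mac} ({r['vendor']}): {r['count']} flaps, vlans {r['vlans']}, "
                  f"anchored on {r['common_ports']}, straying to {r['stray_ports']}")
```

Run against the sample, SW1 reports the Fortinet MAC anchored on Gi1/0/22 and straying to Gi1/0/9 and Gi1/0/24, and SW2 reports it anchored on Gi1/0/24 and straying to Gi1/0/10 and Gi1/0/12, which is the same set of Dell-facing ports called out in the reply above. Feed it a real `show logging` capture (one file per switch) to get the same breakdown across a site.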
12-06-2017 05:51 PM - edited 12-06-2017 06:00 PM
"The MAC address OUI 0009.0f is for Fortinet. Is this the MAC address of one of the firewalls?"
HA uses virtual MAC addresses.
"I looked at the outputs you attached. It looks like packets with the Fortinet source MAC are coming in from G1/0/9, G1/0/12, and G1/0/10, which connect to the Dell switches. I would recommend checking the Dell switches to make sure they are not participating in a switching loop."
Yes, they are not participating in a switching loop (the Dell switches are stacked).
(1) ciscoSw1 port 9 === vlan 4 (access port) == DellSw1 port 45 (access port) (vlan 4 STP blocked port on ciscoSw1 port 24)
(2) ciscoSw2 port 12 == vlan 2 (access port) == DellSw1 port 48 (access port)
(3) ciscoSw2 port 9 == vlan 4 (access port) == DellSw2 port 45 (access port)
(4) ciscoSw2 port 10 == vlan 3 (access port) == DellSw2 port 48 (access port)
Thanks
12-07-2017 08:58 AM
Thanks for the additional info.
I think that the Dell switches need to be checked based on what I've seen so far. Ideally we wouldn't want to see a packet from the firewall coming back into the 2960 switches from the Dell switches. This may mean that somehow a packet from the firewall is going to a Dell switch and then coming back from the Dell switch.
Maybe you can check if the Dell switches support a MAC-move notification? If they support it, maybe you can turn it on and see if there are any MAC flaps on the Dell switches.
12-06-2017 12:29 PM - edited 12-06-2017 12:38 PM
Hello
The reason looks like your access switchports on both sw1 and sw2 are going straight into a forwarding state when connecting to the Dell switches, and these have become STP root ports for vlan 2/3/4, thus creating the loop.
Sw1 has STP root ports for vlans (1-2-3) towards sw2.
Sw1 has its STP root port for vlan (4) on port 9.
Sw2 has STP root ports for vlans (2-3-4) towards the Dells (port 12 - vlan 2, port 10 - vlan 3, port 9 - vlan 4).
Can't see what your Dells are doing, but I am assuming they are completing the loop back to sw1.
Suggest:
1) Set your STP priorities so that sw1-sw2 are STP primary/secondary.
2) Apply STP BPDU guard on the connecting Dell access ports and remove portfast if need be.
3) Check your Dell switches so that their access ports don't become trunks.
Regards,
Paul