02-02-2013 04:34 AM - edited 03-07-2019 11:27 AM
Hi all,
I just need to know if there is any way to prevent MAC flapping on the network.
The best way would be if the switch disabled the interface where the MAC flap was detected.
I need to set up this security feature on 2960s.
Thanks a lot
BR
Dave
02-02-2013 05:21 AM
Hi Dave,
What you write is not realistic. When a given MAC address is flapping, it means that traffic coming from that host has changed path. If this is the case, likely many switches along the path have detected such a change. It does not make any sense that all switches disable the ports which see such flapping. Moreover, which port is the right one to shut? The first that learned it or the second one? It could be that a port is the one connected to the upper layer (distribution or core); if a switch shuts that down it basically gets isolated from the rest of the network.
Also, sometimes MAC flapping is expected when a dual-homed device sends frames with the same virtual MAC address from multiple interfaces (not recommended, but this can happen quite easily in every network).
So the best approach is another. MAC address flapping MAY be the indication of an L2 loop; it is much better to address it from the STP perspective, putting in place all the measures meant to stop or alleviate the effect of L2 loops. Basically those are the STP best practices, a series of features used for the purpose: root guard, loop guard, bridge assurance, UDLD (not specific to STP but useful for the purpose), etc.
Or move to a network without L2 redundant paths (referring to the various implementations of multi-chassis EtherChannel used by vPC and VSS, or new features such as FabricPath).
Riccardo
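One way to act on the advice above (triage the flap reports instead of auto-shutting ports), as an added example that is not from this thread or from Cisco: a small Python script that parses the IOS %SW_MATM-4-MACFLAP_NOTIF syslog message, groups events per VLAN and MAC, and flags whether an uplink is involved (where shutting a port would isolate the switch, as Riccardo notes), whether the same two access ports keep alternating (the mis-teamed dual-homed server case mentioned later in the thread), or whether more than two ports appear (a loop is more likely). The log lines, port names, uplink set and threshold are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines in the format IOS uses for MAC-flap notifications
# (assumption: the thread quotes no actual log lines).
SAMPLE_LOG = """\
Feb  2 04:31:10.111: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 10 is flapping between port Gi1/0/5 and port Gi1/0/6
Feb  2 04:31:12.054: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 10 is flapping between port Gi1/0/6 and port Gi1/0/5
Feb  2 04:31:15.002: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 10 is flapping between port Gi1/0/5 and port Gi1/0/6
Feb  2 04:32:01.500: %SW_MATM-4-MACFLAP_NOTIF: Host aabb.ccdd.eeff in vlan 20 is flapping between port Gi1/0/24 and port Gi1/0/48
Feb  2 04:32:02.000: %SW_MATM-4-MACFLAP_NOTIF: Host aabb.ccdd.eeff in vlan 20 is flapping between port Gi1/0/48 and port Gi1/0/1
"""

FLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-f.]+) in vlan (?P<vlan>\d+) "
    r"is flapping between port (?P<p1>\S+) and port (?P<p2>\S+)"
)

def parse_flaps(log_text):
    """Return {(vlan, mac): [frozenset({port_a, port_b}), ...]} from MACFLAP_NOTIF lines."""
    flaps = defaultdict(list)
    for line in log_text.splitlines():
        m = FLAP_RE.search(line)
        if m:
            key = (int(m.group("vlan")), m.group("mac"))
            flaps[key].append(frozenset((m.group("p1"), m.group("p2"))))
    return flaps

def classify(flaps, uplinks, threshold=3):
    """Map each (vlan, mac) to (event_count, sorted_ports, verdict).
    uplinks: set of port names facing distribution/core (operator-supplied assumption)."""
    report = {}
    for (vlan, mac), pairs in flaps.items():
        ports = set().union(*pairs)
        if ports & uplinks:
            verdict = "uplink-involved: check STP/topology, do not shut"
        elif len(set(pairs)) == 1 and len(pairs) >= threshold:
            verdict = "same two access ports: likely dual-homed or mis-teamed host"
        elif len(ports) > 2:
            verdict = "multiple ports: possible L2 loop or duplicate MAC"
        else:
            verdict = "below threshold: keep observing"
        report[(vlan, mac)] = (len(pairs), sorted(ports), verdict)
    return report

if __name__ == "__main__":
    for key, row in classify(parse_flaps(SAMPLE_LOG), uplinks={"Gi1/0/48"}).items():
        print(key, row)
```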
02-03-2013 06:24 AM
Riccardo Simoni wrote:
Hi Dave,
What you write is not realistic. When a given MAC address is flapping, it means that traffic coming from that host has changed path. If this is the case, likely many switches along the path have detected such a change. It does not make any sense that all switches disable the ports which see such flapping. Moreover, which port is the right one to shut? The first that learned it or the second one? It could be that a port is the one connected to the upper layer (distribution or core); if a switch shuts that down it basically gets isolated from the rest of the network.
Also, sometimes MAC flapping is expected when a dual-homed device sends frames with the same virtual MAC address from multiple interfaces (not recommended, but this can happen quite easily in every network).
So the best approach is another. MAC address flapping MAY be the indication of an L2 loop; it is much better to address it from the STP perspective, putting in place all the measures meant to stop or alleviate the effect of L2 loops. Basically those are the STP best practices, a series of features used for the purpose: root guard, loop guard, bridge assurance, UDLD (not specific to STP but useful for the purpose), etc.
Or move to a network without L2 redundant paths (referring to the various implementations of multi-chassis EtherChannel used by vPC and VSS, or new features such as FabricPath).
Riccardo
Well said!
02-03-2013 07:26 AM
Very nice, thank you!
I need to know this, because I see these messages when some end user directly connected to the access switch has a virus on the PC.
But thank you very much for the response!
BR
Dave
02-04-2013 02:22 AM
I need to know this, because I see these messages when some end user directly connected to the access switch has a virus on the PC.
Virus on a PC causing MAC flapping? Can you please elaborate, as I have never heard of these types of attacks?
Riccardo
02-02-2013 03:28 PM
The only time I've seen MAC flapping is when EtherChannel is not configured properly or someone has plugged two server interfaces into two different logical/physical switches.
02-02-2013 05:32 PM
We see this when the server guys don't do their teaming correctly. They keep both interfaces active, which makes it flap like crazy.
02-03-2013 12:55 PM
We see this when the server guys don't do their teaming correctly.
And when this happens, what is the first thing the server guys say?
"It's a network issue."
06-05-2022 08:35 AM
I can also tell you that if you have two devices connected to the same VLAN they could have the same MAC address; this is why you should never clone a MAC address. On your devices they could end up with the same address. That was my problem! Easy fix, but it was my mistake.
06-05-2022 09:12 AM
LOL..... totally agree with this
Infrastructure engineers are notorious for blaming everything on networks, usually after they have rolled out a patch or upgraded their servers, which has for some reason messed up the teaming/LB method and caused unnecessary interface flaps... result: "NETWORK ISSUE"