Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3899
Views
0
Helpful
21
Replies

Router Mac flapping on host interface

p.caforio
Level 1
Level 1

‎08-29-2014 05:51 AM - edited ‎03-07-2019 08:34 PM

Dear All,

I have a VERY strange problem on our offices. I'm going report the most simple case in order to let you understand better.

 

One 2960 Switch

One 2901 Router

Three PCs

Router and PCs are connected using a single straigh-throu cable.

On our swith we find sometimes the following warning:

Aug 29 12:21:28.247: %SW_MATM-4-MACFLAP_NOTIF: Host e02f.6dc1.b0f8 in vlan 2 is flapping between port Fa0/10 and port Fa0/24

 

Port 10 is phisically connected to one PC

Port 24 is phisically connected to the router

There are no loops on the switch.

 

This problem happens in other 10/12 offices with more complex infrastructure but the warning is always the same:

The Default Gatway MAC address flaps from its port to a PC port.

Obviously we already checked the PC and there are no network devices between the NIC and wall port.

Paolo

1 person had this problem
Labels:
0 Helpful
21 Replies 21

Walter Astori
Level 1
Level 1
In response to p.caforio

‎09-04-2014 12:54 AM

The switch is a Cisco vendor ? If yes you can enable the DAI (Dynamic Arp Inspection) ?

0 Helpful

p.caforio
Level 1
Level 1
In response to Walter Astori

‎09-04-2014 03:53 AM

Can you please give me some guidelines that will only log warnings instead of block?

It is a 2960.

Thanks,

Paolo

 

0 Helpful

Walter Astori
Level 1
Level 1
In response to p.caforio

‎09-04-2014 05:29 AM

if you want, you must enable the DAI on all switch in your lan environment. On all port of the switch where there is the trunk you must configure the port as trusted. See this document :

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SXF/native/configuration/guide/swcg/dynarp.pdf

 

0 Helpful

p.caforio
Level 1
Level 1
In response to InayathUlla Sharieff

‎09-01-2014 05:09 AM

1) On F0/10 there is a Windows 7 PC.

2)

switchsdbud01#show mac address-table interface FastEthernet 0/10
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   2    6c3b.e50e.0e37    DYNAMIC     Fa0/10
Total Mac Addresses for this criterion: 1
switchsdbud01#show mac address-table interface FastEthernet 0/24
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   2    e02f.6dc1.b0f8    DYNAMIC     Fa0/24

 

3) The PC has just one nic.

 

thanks,

Paolo

0 Helpful

HussainA
Level 1
Level 1
In response to p.caforio

‎03-08-2018 12:42 AM

Today I have faced same issue, having no loop in my network. I have configured CISCO catalyst 2960 with vlan 100 and a default vlan 1. First 6 interfaces are in Vlan 100, interface 0/1 connected to Media converter from ISP, the LED status of of interface 0/1 change green to amber continuously but communication was working fine but interface working on half duplex with 100 Mbps as interfaces on both devices are 1 Gigs. I assume that there is some physical fault so I changed straight cable with a cross over, by changing cable it starts barking at me on syslog server Mac Flapping on interface 0/1 (connected to Media converter)  and interface 0/3 (connected to router with live IP). 

 

It take two hour to solve the issue by changing router live IP and change all NAT entries associate with that router interface.  i have also  changed the cable back to Straight but that doesn't work to just roll back the cables. 

 

Now after the working hours I ll roll back the IP changes to see if the issue with IP or something else

 

 

 

 

 

 

0 Helpful

paul driver
VIP
VIP

‎03-08-2018 03:46 AM - edited ‎03-08-2018 03:47 AM

Hello

Mac flap can be a cause of a loop but you are say there is no possible way a physical loop can exist but it could be also due to a wifi client roaming from one Ap to another - Do you have any wifi active on this network or the others also note mac notifdcation can be tunrned off if deamed that the msg is just informational

 

Please post your config of the router and switch if applicable

 

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

HussainA
Level 1
Level 1
In response to paul driver

‎03-08-2018 09:44 PM

Configurations on switch 

 

Current configuration : 88 bytes

!

interface GigabitEthernet0/1

switchport access vlan 100

switchport mode access

 

end

----

--------- Detailed Switch interface  -------------

GigabitEthernet0/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0064.0000.a981 (bia 0064.0000.a981)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 100Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 25000 bits/sec, 21 packets/sec
5 minute output rate 8000 bits/sec, 7 packets/sec
38482944 packets input, 18531008328 bytes, 0 no buffer
Received 15165117 broadcasts (875387 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 875387 multicast, 0 pause input
0 input packets with dribble condition detected
7249765 packets output, 1138073284 bytes, 0 underruns
0 output errors, 209141 collisions, 5 interface resets
0 babbles, 15123 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out

 

above  interface connect connected to media convetor of ISP. I don't have console rights to that device.

MAC flapping occures betwee above interface and the inteface connected to router GigabitEthernet0/3 (the following one)

 

Current configuration : 88 bytes
!
interface GigabitEthernet0/3
switchport access vlan 100
switchport mode access
end

 

GigabitEthernet0/3 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0064.0000.a983 (bia 0064.0000.a983)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:28, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 10000 bits/sec, 5 packets/sec
5 minute output rate 19000 bits/sec, 21 packets/sec
6768319 packets input, 1054486639 bytes, 0 no buffer
Received 29177 broadcasts (7719 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 7719 multicast, 0 pause input
0 input packets with dribble condition detected
38649483 packets output, 18612596182 bytes, 0 underruns
0 output errors, 0 collisions, 5 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out

 

 

Mac Flapping issue resolved by change IP address of router interface but the communication is still going half duplex between swtich and Media convetror

 

--------Configurations on router ---- 

Current configuration : 168 bytes
!
interface GigabitEthernet0/0
ip address 202.000.000.146 255.255.255.248
ip access-group 100 in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
end

 

-------Detailed Router interface---- 

GigabitEthernet0/0 is up, line protocol is up
Hardware is MV96340 Ethernet, address is 0017.0000.5a18 (bia 0017.0000.5a18)
Internet address is 202.000.000.146/29
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is T
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/227/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 55000 bits/sec, 17 packets/sec
5 minute output rate 7000 bits/sec, 8 packets/sec
24275534 packets input, 119960440 bytes, 3 no buffer
Received 13655221 broadcasts, 0 runts, 0 giants, 178 throttles
11719 input errors, 0 CRC, 0 frame, 0 overrun, 11719 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
6764619 packets output, 1004250915 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
3705602 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

 

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card