Showing results for 
Search instead for 
Did you mean: 

STP - Mac Flapping


Hello All,

I am new to STP, and i am facing some issues in my network.

I have 2 3750X Switch in Stack,

In logs i am frequently getting MAC Flapping log, while searcing on Internet i am getting only that it's a L2 Loop but no resolution.

Please guide me what should be the Next step for me to resolve the issues asap.

9 Replies 9

Sandeep Choudhary
VIP Mentor VIP Mentor
VIP Mentor

can you post the logs :

Host flapping and mac-address flapping can be from server or host end at  nic level configuration of teaming (load balancing feature) just check  it out the Teaming configuration at server or host level is  active/passive and then check the behavior.


There could be multiple things that can cause MAC flapping.

Take a look at this paper


Hope it helps

Hello, I have gone through the Document, i think its not issue from any Server Side also we are not using any teaming.

But i have got some output from the Document -


DC-L3#sh mac address-table dynamic int g1/0/2

          Mac Address Table


Vlan    Mac Address       Type        Ports

----    -----------       --------    -----

520    5475.d024.82f7    DYNAMIC     Gi1/0/2

520    ec30.91e2.9600    DYNAMIC     Gi1/0/2

520    ec30.91e2.dd40    DYNAMIC     Gi1/0/2

Total Mac Addresses for this criterion: 3


DC-L3#sh mac address-table dynamic int g1/0/4

          Mac Address Table


Vlan    Mac Address       Type        Ports

----    -----------       --------    -----

820    ec30.91e2.9600    DYNAMIC     Gi1/0/4

Total Mac Addresses for this criterion: 1


why the mac address ec30.91e2.9600 is showing on bioth ports.

Logs as Below -


Mar  1 17:05:44.413: %SW_MATM-4-MACFLAP_NOTIF: Host ec30.91e2.9600 in vlan 820

is flapping between port Gi1/0/1 and port Gi1/0/4

*Mar  1 17:05:44.413: %SW_MATM-4-MACFLAP_NOTIF: Host ec30.91e2.9600 in vlan 520

is flapping between port Gi1/0/3 and port Gi1/0/2


Can you put the result of these commands:

sh run int gi1/0/2

sh run int gi1/0/4


interface GigabitEthernet1/0/2

switchport access vlan 520
switchport mode access
no keepalive

DC-L3#sh run int g1/0/4
Building configuration...

Current configuration : 128 bytes
interface GigabitEthernet1/0/4

switchport access vlan 820
switchport mode access


WHAT is connected on these ports??

I would suggest to configure port security on both ports.

configure terminal

interface interface

switchport   port-security

switchport   port-security maximum value --> How many mac you want to allow

switchport   port-security mac-address mac-address--> you can assign a static mac address to thi port.


switchport   port-security mac-address sticky

switchport   port-security violation shutdown



G1/0/1   Towards DC Vlan 820

G1/0/2 Towards DC Vlan 520



Vlan 820

Vlan 520

Vlan 520

Vlan 820



G1/0/3   Uplink to Port G1/0/4

G1/0/4 Uplink to Port G1/0/3

DC - Datacentre Switches which we dont have sccess

We have made a L2 Loop from Port G1/0/3 to Port G1/0/4, becuase our Switch does not Supports Multicast Routing & we wanted to Forward the Multicast of Vlan 520 to Vlan 820.

Hope you have understand our Scnario

Hi Rajput

Error messages are expected as the same mac is being learned from two different ports & in two different VLAS.

Mar  1 17:05:44.413: %SW_MATM-4-MACFLAP_NOTIF: Host ec30.91e2.9600 in vlan 820

is flapping between port Gi1/0/1 and port Gi1/0/4 

Suppose switch is learning MAC:ec30.91e2.9600 on VLAN820 on port G1/0/1.  By default it propagates that information to all access ports in same VLAN.  So this information goes out of port G1/0/4 and reachs the same switch through port G1/0/3 but in different VLAN this time.  Hence swith is confused and generating error. 

I think till the time your multicast traffic is working properly then you can ignore these errors. 

But this is not a good design.



Thanks, can understand it's not a good Design. Will try to upgrade the switch but for the meanwhile is there any option to ignore or Block the mac to learn on diffrent ports.

Hi Rajput

I have not tried but you can try command suggested by Sandeep to learn static mac from one port.

But if you will do that then you may block traffic on the looped interface.  As after being configured for learning single mac it will not be able to learn more mac addresses and will not be able to forward traffic.

It is interesting. I would suggest you to try/test this in lab environment or on standalone switch before implementing to production.



Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers