SW_MATM 4 MACFLAP_NOTIF

denz_cruel · ‎11-08-2012

Hi,

Can anyone help me if this is a IOS bug or error that need to be fix. See logs below.

SWITCH: cisco WS-C3750V2-24PS (C3750-IPBASEK9-M), Version 12.2(52)SE

SW_MATM 4 MACFLAP_NOTIF Host a4ba.dbxx.40fc in vlan 10 is flapping between port Gi1/0/1 and port Fa1/0/22

SW_MATM 4 MACFLAP_NOTIF Host 0025.64xx.5f5c in vlan 10 is flapping between port Gi1/0/1 and port Fa1/0/5

1.) The PC's (a4ba.dbxx.40fc and 0025.64xx.5f5c) are directly connected to the Switch on Fas1/0/22 and Fa1/0/5 using vlan access 10. To grant this PC's internet access we inlcude the mac-address in wireless guest access gateway (Mobility Anchors).

sh mac address-table | inc a4ba.dbxx.40fc

10 a4ba.dbxx.40fc DYNAMIC Fa1/0/22

sh mac address-table | inc 0025.64xx.5f5c

10 0025.64xx.5f5c DYNAMIC Fa1/0/5

2.) G1/0/1 is the WLC and PC's MAC address are now learned by WLC, see details below.

Profile Name SSID Security Policies No. of Mobility Anchors Admin Status No. of Clients

Client_Wired Client_Wired None 1 Enabled 2 <<--- (PC's)

    MAC Address        IP Address     Port   VLAN   Type
------------------- ---------------- ------ ------ ------
A4:BA:DB:XX:40:FC   10.X.X.7    2      10     Client
00:25:64:F1:XX:5C      10.X.X.8    2      10     Client

I believe that it should not flap between g1/0/1 and Fa1/0/5 & F1/0/22 coz of the mobility anchor at WLC. This is our first site with this kind of set-up so please advise if this is error message log that need to be fix on the switch or IOS bug.

Elmani Rescobillo · ‎11-08-2012

try refreshing both F ports configs it should be access and for G port for WLC is trunk and allowed vlan for WLAN and your data. and check wehther you'll still see this error.

Muhammad Thanveer · ‎11-08-2012

hi Denz,

Please provide output for

show mobility summary

If the access-point group VLAN on the anchor controller is different than the WLAN interface VLAN on the foreign controller. In this case, client traffic could be sent on an incorrect VLAN during mobility events

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

denz_cruel · ‎11-08-2012

(Cisco Controller) >show mobility summary

Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... Company_Name_Example

Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x638b
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 4
Mobility Control Message DSCP Value.............. 0

Controllers configured in the Mobility Group
MAC Address        IP Address       Group Name                        Multicast                    IP     Status
1c:df:0f:xx:3d:c0 10.x.23.21     Company_Name_Example               0.0.0.0                             Up
64:00:f1:xx:49:c0 10.x.40.23     Company_Name_Example             0.0.0.0                             Up
e8:b7:48:xx:28:40 10.x.40.21     Company_Name_Example              0.0.0.0                             Up
f8:66:f2:82:xx:e0 192.168.x.53    Company_Name_Example              0.0.0.0                             Up

(Cisco Controller) >

(Cisco Controller) >show arp switch

Number of arp entries................................ 6

    MAC Address        IP Address     Port   VLAN   Type
------------------- ---------------- ------ ------ ------
A4:BA:DB:xx:40:FC   10.X.52.7     2      10     Client
00:25:64:F1:xx:5C   10.X.52.8     2      10     Client

(Cisco Controller) >show interface summary

Interface Name                   Port Vlan Id IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
client_wired                     2    10       0.0.0.0         Dynamic No     Yes
management                       1    23      10.x.23.21    Static Yes    No
service-port                     N/A N/A      2.2.2.2         Static No     No
sydney_av                        1    57      10.x.57.2     Dynamic No     No
virtual                          N/A N/A      1.1.1.1         Static No     No

(Cisco Controller) >

@switch

!

interface FastEthernet1/0/5

description Client Wired Access

switchport access vlan 10

spanning-tree portfast

spanning-tree bpduguard enable

spanning-tree guard root !

Please note that we dont see any problem on the PC's guset internet but SW_MATM 4 MACFLAP_NOTIF flood our logs. Asking if there is any way to stop the message? or a IOS bug?

Sandeep Choudhary · ‎11-08-2012

Can u paste the output of these commands:

sh int Gi1/0/1

sh int fa1/0/5

sh int fa1/0/22

Regards

denz_cruel · ‎11-08-2012

SWITCH#sh int Gi1/0/1

GigabitEthernet1/0/1 is up, line protocol is up (connected)

Hardware is Gigabit Ethernet, address is e804.6215.0e81 (bia e804.6215.0e81)

Description: WLC-1

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive not set

Full-duplex, 1000Mb/s, link type is auto, media type is 1000BaseSX SFP

input flow-control is off, output flow-control is unsupported

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:09, output 00:00:01, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 1000 bits/sec, 2 packets/sec

10885477 packets input, 12244921052 bytes, 0 no buffer

Received 381314 broadcasts (381314 multicasts)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 381314 multicast, 0 pause input

0 input packets with dribble condition detected

60662737 packets output, 8656488369 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 PAUSE output

0 output buffer failures, 0 output buffers swapped out

SWITCH#sh int fa1/0/5

FastEthernet1/0/5 is up, line protocol is up (connected)

Hardware is Fast Ethernet, address is e804.6215.0e87 (bia e804.6215.0e87)

Description: Client Wired Access

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, media type is 10/100BaseTX

input flow-control is off, output flow-control is unsupported

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output 00:00:01, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

1554512 packets input, 231795894 bytes, 0 no buffer

Received 176889 broadcasts (48625 multicasts)

0 runts, 0 giants, 0 throttles

1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 48625 multicast, 0 pause input

0 input packets with dribble condition detected

8933067 packets output, 1340099824 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 PAUSE output

0 output buffer failures, 0 output buffers swapped out

SWITCH#sh int fa1/0/22 <<<<<<<---------------------------- TRUNK port to SWITCH2

FastEthernet1/0/22 is up, line protocol is up (connected)

Hardware is Fast Ethernet, address is e804.6215.0e98 (bia e804.6215.0e98)

Description: SWITCH2

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, media type is 10/100BaseTX

input flow-control is off, output flow-control is unsupported

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:29, output 00:00:01, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

7993253 packets input, 1824903656 bytes, 0 no buffer

Received 1823372 broadcasts (1749368 multicasts)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 1749368 multicast, 0 pause input

0 input packets with dribble condition detected

53236374 packets output, 5338017142 bytes, 0 underruns

0 output errors, 0 collisions, 1 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 PAUSE output

0 output buffer failures, 0 output buffers swapped out

SWITCH2#sh mac address-table | inc a4ba.dbxx.40fc

10 a4ba.dbf6.40fc DYNAMIC Fa1/0/1

SWITCH2#sh int fa1/0/1 <<<<<------ the access port for PC: a4ba.dbxx.40fc

FastEthernet1/0/1 is up, line protocol is up (connected)

Hardware is Fast Ethernet, address is 8cb6.4f85.a303 (bia 8cb6.4f85.a303)

Description: Client Wired Access

MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 10Mb/s, media type is 10/100BaseTX

input flow-control is off, output flow-control is unsupported

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output 00:00:01, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 333

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

1447581 packets input, 422680625 bytes, 0 no buffer

Received 636785 broadcasts (563712 multicasts)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 563712 multicast, 0 pause input

0 input packets with dribble condition detected

10940085 packets output, 1737765826 bytes, 0 underruns

0 output errors, 0 collisions, 3 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 PAUSE output

0 output buffer failures, 0 output buffers swapped out

Sandeep Choudhary · ‎11-08-2012

HI

sorry i asked wrong command:

Can u paste the config of the ports:

sh run int Gi1/0/1

sh run int fa1/0/5

sh run int fa1/0/22

Regards

denz_cruel · ‎11-08-2012

@SWITCH

!

interface GigabitEthernet1/0/1

description WLC

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet1/0/5

description Client Wired Access

switchport access vlan 10

spanning-tree portfast

spanning-tree bpduguard enable

spanning-tree guard root

!

interface FastEthernet1/0/22

description SWITCH2

switchport trunk encapsulation dot1q

switchport mode trunk

speed 100

duplex full

!

@SWITCH2

!

interface FastEthernet1/0/1

description Client Wired Access

switchport access vlan 10

spanning-tree portfast

!

Sandeep Choudhary · ‎11-08-2012

Hi,

It does seems that your network is having a L2 loop.

1. Disable the port-fast (on both sides) and then see if you are getting the flapping message.

If you are brave enough, you can also apply bpdu-guard to the port-fast (if there is a loop, it will change the port to err-disable / shut).

if still fails then try this:

Normally you would enable portfast on trunks with spanning-tree portfast trunk since regular spanning-tree portfast

would only works on access ports.

Reagrds

Muhammad Thanveer · ‎11-09-2012

I agree with what Sandeep said.

Please find the details of the error

Error Message SW_MATM-4-MACFLAP_NOTIF: Host [enet] in [chars] [dec] is flapping
between port [chars] and port [chars]

--------------------------------------------------------------------------------
Note This message applies to the Catalyst 3750-E and 3560-E switches.

--------------------------------------------------------------------------------
Explanation The switch found the traffic from the specified host flapping between the specified ports. [enet] is the host MAC address, [chars] [dec] is the switch ID, and the first and second [chars] are the ports between which the host traffic is flapping.

Recommended Action Check the network switches for misconfigurations that might cause a data-forwarding loop.

I would also like to add some info about REP:

Resilient Ethernet Protocol (REP): REP is a Cisco proprietary protocol that provides an alternative to Spanning Tree Protocol to control network loops, handle link failures, and improve convergence time. REP controls a group of ports connected in a segment, makes sure that the segment does not create any bridging loops, and responds to link failures within the segment. REP provides a basis for constructing more complex networks and supports VLAN load balancing.

http://www.cisco.com/en/US/docs/optical/cpt/r9_5/command/reference/cpt95_cr_chapter_0111.html#wp2634869455

Feature	Cisco Catalyst 3750G IP Base Feature Set	Cisco Catalyst 3750V2 IP Base Feature Set	Cisco Catalyst 3750G IP Services Feature Set	Cisco Catalyst 3750V2 IP Services Feature Set	Cisco Catalyst 3560G IP Base Feature Set	Cisco Catalyst 3560V2 IP Base Feature Set	Cisco Catalyst 3560G IP Services Feature Set	Cisco Catalyst 3560V2 IP Services Feature Set
REP	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

denz_cruel · ‎11-09-2012

Hi Sandeep,

Thank you for suggestion, just need to clarify.

Question1: disable portfast on both sides, so I will remove the spanning-tree portfast command on Fa1/0/5 and Fa1/0/1 (Client wired access port)?

Question2: apply bpdu-guard to the port-fast (if there is a loop, it will change the port to err-disable / shut).It is already added and see fa1/0/5 but it is not going to error-disable mode.

!

interface FastEthernet1/0/5

description Client Wired Access

switchport access vlan 10

spanning-tree portfast

spanning-tree bpduguard enable

spanning-tree guard root

Question3: enable portfast on trunks with spanning-tree portfast trunk Do I add this on both trunk inteface between SWITCH1(fa1/0/22) and SWITCH2(fa1/0/24)?

Sandeep Choudhary · ‎11-09-2012

Hi,

1. Yes remove from both ports.

2. just configure bpdu guard and portfast on fa1/0/5 and fa1/0/1, remove spanning-tree guard root from fa1/0/5.

3. yes you have to add on trunk ports.

Regards

denz_cruel · ‎11-13-2012

Hi,

I already removed the portfast (fa1/0/5 and fa1/0/1) on both access port then restarted the PC's and still flapping. Add the portfast trunk on all trunk ports (G1/0/1 and fa1/0/22) while no portfast on access port then restarted the PC's and still flapping. Add the portfast on access port while portfast trunk was configured on trunk ports then restarted the PC's and still flapping.

Any more advice?

Regards,

denz_cruel · ‎11-13-2012

Additional information, show spanning-tree detail

VLAN0010 is executing the rstp compatible Spanning Tree protocol
Bridge Identifier has priority 32768, sysid 10, address e804.6215.0e80
Configured hello time 2, max age 20, forward delay 15, transmit hold-count 6
Current root has priority 32778, address 0817.35af.c880
Root port is 25 (FastEthernet1/0/23), cost of root path is 19
Topology change flag not set, detected flag not set
Number of topology changes 14 last change occurred 01:51:41 ago
from FastEthernet1/0/5
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300

Port 1 (GigabitEthernet1/0/1) of VLAN0010 is designated forwarding
   Port path cost 4, Port priority 128, Port Identifier 128.1.
   Designated root has priority 32778, address 0817.35af.c880
   Designated bridge has priority 32778, address e804.6215.0e80
   Designated port id is 128.1, designated path cost 19
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 3
   Link type is point-to-point by default
   BPDU: sent 126556, received 0

Port 3 (FastEthernet1/0/1) of VLAN0010 is designated forwarding
   Port path cost 100, Port priority 128, Port Identifier 128.3.
   Designated root has priority 32778, address 0817.35af.c880
   Designated bridge has priority 32778, address e804.6215.0e80
   Designated port id is 128.3, designated path cost 19
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 3
   The port is in the portfast mode
   Link type is point-to-point by default
   BPDU: sent 4862, received 0

Port 7 (FastEthernet1/0/5) of VLAN0010 is designated forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.7.
   Designated root has priority 32778, address 0817.35af.c880
   Designated bridge has priority 32778, address e804.6215.0e80
   Designated port id is 128.7, designated path cost 19
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   The port is in the portfast mode
   Link type is point-to-point by default
   BPDU: sent 3336, received 0

Port 22 (FastEthernet1/0/20) of VLAN0010 is designated forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.22.
   Designated root has priority 32778, address 0817.35af.c880
   Designated bridge has priority 32778, address e804.6215.0e80
   Designated port id is 128.22, designated path cost 19
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 3
   Link type is point-to-point by default
   BPDU: sent 126267, received 5

Port 23 (FastEthernet1/0/21) of VLAN0010 is designated forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.23.
   Designated root has priority 32778, address 0817.35af.c880
   Designated bridge has priority 32778, address e804.6215.0e80
   Designated port id is 128.23, designated path cost 19
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 3
   Link type is point-to-point by default
   BPDU: sent 126243, received 7

Port 24 (FastEthernet1/0/22) of VLAN0010 is designated forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.24.
   Designated root has priority 32778, address 0817.35af.c880
   Designated bridge has priority 32778, address e804.6215.0e80
   Designated port id is 128.24, designated path cost 19
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 2
   Link type is point-to-point by default
   BPDU: sent 126140, received 35

Port 25 (FastEthernet1/0/23) of VLAN0010 is root forwarding
   Port path cost 19, Port priority 128, Port Identifier 128.25.
   Designated root has priority 32778, address 0817.35af.c880
   Designated bridge has priority 32778, address 0817.35af.c880
   Designated port id is 128.26, designated path cost 0
   Timers: message age 16, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   BPDU: sent 23, received 126133

denz_cruel · ‎11-14-2012

Hi,

I already removed the portfast (fa1/0/5 and fa1/0/1) on both access port then restarted the PC's and still flapping. Add the portfast trunk on all trunk ports (G1/0/1 and fa1/0/22) while no portfast on access port then restarted the PC's and still flapping. Add the portfast on access port while portfast trunk was configured on trunk ports then restarted the PC's and still flapping. Reconfigure back the ports, access port with portfat enable while trunk port has no portfast trunk.

Any more advice? How about IOS bug? Is this normal logs because WLC in port G1/0/1 used by the PC's as tunnel to have internet access?

Regards,