11-08-2012 06:17 PM - edited 03-07-2019 09:57 AM
Hi,
Can anyone help me if this is a IOS bug or error that need to be fix. See logs below.
SWITCH: cisco WS-C3750V2-24PS (C3750-IPBASEK9-M), Version 12.2(52)SE
SW_MATM 4 MACFLAP_NOTIF Host a4ba.dbxx.40fc in vlan 10 is flapping between port Gi1/0/1 and port Fa1/0/22
SW_MATM 4 MACFLAP_NOTIF Host 0025.64xx.5f5c in vlan 10 is flapping between port Gi1/0/1 and port Fa1/0/5
1.) The PC's (a4ba.dbxx.40fc and 0025.64xx.5f5c) are directly connected to the Switch on Fas1/0/22 and Fa1/0/5 using vlan access 10. To grant this PC's internet access we inlcude the mac-address in wireless guest access gateway (Mobility Anchors).
sh mac address-table | inc a4ba.dbxx.40fc
10 a4ba.dbxx.40fc DYNAMIC Fa1/0/22
sh mac address-table | inc 0025.64xx.5f5c
10 0025.64xx.5f5c DYNAMIC Fa1/0/5
2.) G1/0/1 is the WLC and PC's MAC address are now learned by WLC, see details below.
Profile Name SSID Security Policies No. of Mobility Anchors Admin Status No. of Clients
Client_Wired Client_Wired None 1 Enabled 2 <<--- (PC's)
MAC Address IP Address Port VLAN Type
------------------- ---------------- ------ ------ ------
A4:BA:DB:XX:40:FC 10.X.X.7 2 10 Client
00:25:64:F1:XX:5C 10.X.X.8 2 10 Client
I believe that it should not flap between g1/0/1 and Fa1/0/5 & F1/0/22 coz of the mobility anchor at WLC. This is our first site with this kind of set-up so please advise if this is error message log that need to be fix on the switch or IOS bug.
11-08-2012 09:44 PM
try refreshing both F ports configs it should be access and for G port for WLC is trunk and allowed vlan for WLAN and your data. and check wehther you'll still see this error.
11-08-2012 10:04 PM
hi Denz,
Please provide output for
show mobility summary
If the access-point group VLAN on the anchor controller is different than the WLAN interface VLAN on the foreign controller. In this case, client traffic could be sent on an incorrect VLAN during mobility events
Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
11-08-2012 10:29 PM
(Cisco Controller) >show mobility summary
Symmetric Mobility Tunneling (current) .......... Enabled
Symmetric Mobility Tunneling (after reboot) ..... Enabled
Mobility Protocol Port........................... 16666
Default Mobility Domain.......................... Company_Name_Example
Multicast Mode .................................. Disabled
Mobility Domain ID for 802.11r................... 0x638b
Mobility Keepalive Interval...................... 10
Mobility Keepalive Count......................... 3
Mobility Group Members Configured................ 4
Mobility Control Message DSCP Value.............. 0
Controllers configured in the Mobility Group
MAC Address IP Address Group Name Multicast IP Status
1c:df:0f:xx:3d:c0 10.x.23.21 Company_Name_Example 0.0.0.0 Up
64:00:f1:xx:49:c0 10.x.40.23 Company_Name_Example 0.0.0.0 Up
e8:b7:48:xx:28:40 10.x.40.21 Company_Name_Example 0.0.0.0 Up
f8:66:f2:82:xx:e0 192.168.x.53 Company_Name_Example 0.0.0.0 Up
(Cisco Controller) >
(Cisco Controller) >show arp switch
Number of arp entries................................ 6
MAC Address IP Address Port VLAN Type
------------------- ---------------- ------ ------ ------
A4:BA:DB:xx:40:FC 10.X.52.7 2 10 Client
00:25:64:F1:xx:5C 10.X.52.8 2 10 Client
(Cisco Controller) >show interface summary
Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
client_wired 2 10 0.0.0.0 Dynamic No Yes
management 1 23 10.x.23.21 Static Yes No
service-port N/A N/A 2.2.2.2 Static No No
sydney_av 1 57 10.x.57.2 Dynamic No No
virtual N/A N/A 1.1.1.1 Static No No
(Cisco Controller) >
@switch
!
interface FastEthernet1/0/5
description Client Wired Access
switchport access vlan 10
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root !
Please note that we dont see any problem on the PC's guset internet but SW_MATM 4 MACFLAP_NOTIF flood our logs. Asking if there is any way to stop the message? or a IOS bug?
11-08-2012 11:08 PM
Can u paste the output of these commands:
sh int Gi1/0/1
sh int fa1/0/5
sh int fa1/0/22
Regards
11-08-2012 11:19 PM
SWITCH#sh int Gi1/0/1
GigabitEthernet1/0/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is e804.6215.0e81 (bia e804.6215.0e81)
Description: WLC-1
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Full-duplex, 1000Mb/s, link type is auto, media type is 1000BaseSX SFP
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:09, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 1000 bits/sec, 2 packets/sec
10885477 packets input, 12244921052 bytes, 0 no buffer
Received 381314 broadcasts (381314 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 381314 multicast, 0 pause input
0 input packets with dribble condition detected
60662737 packets output, 8656488369 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
SWITCH#sh int fa1/0/5
FastEthernet1/0/5 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is e804.6215.0e87 (bia e804.6215.0e87)
Description: Client Wired Access
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1554512 packets input, 231795894 bytes, 0 no buffer
Received 176889 broadcasts (48625 multicasts)
0 runts, 0 giants, 0 throttles
1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 48625 multicast, 0 pause input
0 input packets with dribble condition detected
8933067 packets output, 1340099824 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
SWITCH#sh int fa1/0/22 <<<<<<<---------------------------- TRUNK port to SWITCH2
FastEthernet1/0/22 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is e804.6215.0e98 (bia e804.6215.0e98)
Description: SWITCH2
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:29, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
7993253 packets input, 1824903656 bytes, 0 no buffer
Received 1823372 broadcasts (1749368 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 1749368 multicast, 0 pause input
0 input packets with dribble condition detected
53236374 packets output, 5338017142 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
SWITCH2#sh mac address-table | inc a4ba.dbxx.40fc
10 a4ba.dbf6.40fc DYNAMIC Fa1/0/1
SWITCH2#sh int fa1/0/1 <<<<<------ the access port for PC: a4ba.dbxx.40fc
FastEthernet1/0/1 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 8cb6.4f85.a303 (bia 8cb6.4f85.a303)
Description: Client Wired Access
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 10Mb/s, media type is 10/100BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 333
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1447581 packets input, 422680625 bytes, 0 no buffer
Received 636785 broadcasts (563712 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 563712 multicast, 0 pause input
0 input packets with dribble condition detected
10940085 packets output, 1737765826 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
11-08-2012 11:22 PM
HI
sorry i asked wrong command:
Can u paste the config of the ports:
sh run int Gi1/0/1
sh run int fa1/0/5
sh run int fa1/0/22
Regards
11-08-2012 11:54 PM
@SWITCH
!
interface GigabitEthernet1/0/1
description WLC
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet1/0/5
description Client Wired Access
switchport access vlan 10
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
!
interface FastEthernet1/0/22
description SWITCH2
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
!
@SWITCH2
!
interface FastEthernet1/0/1
description Client Wired Access
switchport access vlan 10
spanning-tree portfast
!
11-08-2012 11:59 PM
Hi,
It does seems that your network is having a L2 loop.
1. Disable the port-fast (on both sides) and then see if you are getting the flapping message.
If you are brave enough, you can also apply bpdu-guard to the port-fast (if there is a loop, it will change the port to err-disable / shut).
if still fails then try this:
Normally you would enable portfast on trunks with spanning-tree portfast trunk since regular spanning-tree portfast
would only works on access ports.
Reagrds
11-09-2012 12:23 AM
I agree with what Sandeep said.
Please find the details of the error
Error Message SW_MATM-4-MACFLAP_NOTIF: Host [enet] in [chars] [dec] is flapping
between port [chars] and port [chars]
--------------------------------------------------------------------------------
Note This message applies to the Catalyst 3750-E and 3560-E switches.
--------------------------------------------------------------------------------
Explanation The switch found the traffic from the specified host flapping between the specified ports. [enet] is the host MAC address, [chars] [dec] is the switch ID, and the first and second [chars] are the ports between which the host traffic is flapping.
Recommended Action Check the network switches for misconfigurations that might cause a data-forwarding loop.
I would also like to add some info about REP:
Resilient Ethernet Protocol (REP): REP is a Cisco proprietary protocol that provides an alternative to Spanning Tree Protocol to control network loops, handle link failures, and improve convergence time. REP controls a group of ports connected in a segment, makes sure that the segment does not create any bridging loops, and responds to link failures within the segment. REP provides a basis for constructing more complex networks and supports VLAN load balancing.
Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
11-09-2012 12:27 AM
Hi Sandeep,
Thank you for suggestion, just need to clarify.
Question1: disable portfast on both sides, so I will remove the spanning-tree portfast command on Fa1/0/5 and Fa1/0/1 (Client wired access port)?
Question2: apply bpdu-guard to the port-fast (if there is a loop, it will change the port to err-disable / shut).It is already added and see fa1/0/5 but it is not going to error-disable mode.
!
interface FastEthernet1/0/5
description Client Wired Access
switchport access vlan 10
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree guard root
Question3: enable portfast on trunks with spanning-tree portfast trunk Do I add this on both trunk inteface between SWITCH1(fa1/0/22) and SWITCH2(fa1/0/24)?
11-09-2012 12:42 AM
Hi,
1. Yes remove from both ports.
2. just configure bpdu guard and portfast on fa1/0/5 and fa1/0/1, remove spanning-tree guard root from fa1/0/5.
3. yes you have to add on trunk ports.
Regards
11-13-2012 07:47 PM
Hi,
I already removed the portfast (fa1/0/5 and fa1/0/1) on both access port then restarted the PC's and still flapping. Add the portfast trunk on all trunk ports (G1/0/1 and fa1/0/22) while no portfast on access port then restarted the PC's and still flapping. Add the portfast on access port while portfast trunk was configured on trunk ports then restarted the PC's and still flapping.
Any more advice?
Regards,
11-13-2012 07:58 PM
Additional information, show spanning-tree detail
VLAN0010 is executing the rstp compatible Spanning Tree protocol
Bridge Identifier has priority 32768, sysid 10, address e804.6215.0e80
Configured hello time 2, max age 20, forward delay 15, transmit hold-count 6
Current root has priority 32778, address 0817.35af.c880
Root port is 25 (FastEthernet1/0/23), cost of root path is 19
Topology change flag not set, detected flag not set
Number of topology changes 14 last change occurred 01:51:41 ago
from FastEthernet1/0/5
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300
Port 1 (GigabitEthernet1/0/1) of VLAN0010 is designated forwarding
Port path cost 4, Port priority 128, Port Identifier 128.1.
Designated root has priority 32778, address 0817.35af.c880
Designated bridge has priority 32778, address e804.6215.0e80
Designated port id is 128.1, designated path cost 19
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 3
Link type is point-to-point by default
BPDU: sent 126556, received 0
Port 3 (FastEthernet1/0/1) of VLAN0010 is designated forwarding
Port path cost 100, Port priority 128, Port Identifier 128.3.
Designated root has priority 32778, address 0817.35af.c880
Designated bridge has priority 32778, address e804.6215.0e80
Designated port id is 128.3, designated path cost 19
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 3
The port is in the portfast mode
Link type is point-to-point by default
BPDU: sent 4862, received 0
Port 7 (FastEthernet1/0/5) of VLAN0010 is designated forwarding
Port path cost 19, Port priority 128, Port Identifier 128.7.
Designated root has priority 32778, address 0817.35af.c880
Designated bridge has priority 32778, address e804.6215.0e80
Designated port id is 128.7, designated path cost 19
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
The port is in the portfast mode
Link type is point-to-point by default
BPDU: sent 3336, received 0
Port 22 (FastEthernet1/0/20) of VLAN0010 is designated forwarding
Port path cost 19, Port priority 128, Port Identifier 128.22.
Designated root has priority 32778, address 0817.35af.c880
Designated bridge has priority 32778, address e804.6215.0e80
Designated port id is 128.22, designated path cost 19
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 3
Link type is point-to-point by default
BPDU: sent 126267, received 5
Port 23 (FastEthernet1/0/21) of VLAN0010 is designated forwarding
Port path cost 19, Port priority 128, Port Identifier 128.23.
Designated root has priority 32778, address 0817.35af.c880
Designated bridge has priority 32778, address e804.6215.0e80
Designated port id is 128.23, designated path cost 19
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 3
Link type is point-to-point by default
BPDU: sent 126243, received 7
Port 24 (FastEthernet1/0/22) of VLAN0010 is designated forwarding
Port path cost 19, Port priority 128, Port Identifier 128.24.
Designated root has priority 32778, address 0817.35af.c880
Designated bridge has priority 32778, address e804.6215.0e80
Designated port id is 128.24, designated path cost 19
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 2
Link type is point-to-point by default
BPDU: sent 126140, received 35
Port 25 (FastEthernet1/0/23) of VLAN0010 is root forwarding
Port path cost 19, Port priority 128, Port Identifier 128.25.
Designated root has priority 32778, address 0817.35af.c880
Designated bridge has priority 32778, address 0817.35af.c880
Designated port id is 128.26, designated path cost 0
Timers: message age 16, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 23, received 126133
11-14-2012 05:36 PM
Hi,
I already removed the portfast (fa1/0/5 and fa1/0/1) on both access port then restarted the PC's and still flapping. Add the portfast trunk on all trunk ports (G1/0/1 and fa1/0/22) while no portfast on access port then restarted the PC's and still flapping. Add the portfast on access port while portfast trunk was configured on trunk ports then restarted the PC's and still flapping. Reconfigure back the ports, access port with portfat enable while trunk port has no portfast trunk.
Any more advice? How about IOS bug? Is this normal logs because WLC in port G1/0/1 used by the PC's as tunnel to have internet access?
Regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide