Solved: Two same mac address learning on single port

kamleshkatariya1994 · ‎06-07-2024

Multiple vlans can be configured on the same mac and on the same port.

1 18b1.692e.c100 DYNAMIC Gi1/0/1
11 18b1.692e.c100 DYNAMIC Gi1/0/1

M02@rt37 · ‎06-07-2024

@kamleshkatariya1994

Yes, the scenario you described, where the same MAC address (`18b1.692e.c100`) appears on multiple VLANs on the same port connecting to a Firewall, can indeed cause MAC flapping. MAC flapping occurs when the switch receives frames with the same source MAC address on different ports or VLANs in a short period of time, leading to continuous updates in its MAC address table. This typically happens due to misconfigurations in trunk ports or VLAN tagging issues. In this case, the port Gi1/0/1 should be correctly configured as a trunk port, and the firewall must appropriately tag VLANs to prevent confusion. T

Troubleshoot this! Verify the trunk configuration on the switch to ensure the appropriate VLANs are allowed and properly tagged. For instance, the switch port configuration should allow VLANs 1 and 11. On the firewall, ensure that interfaces handling VLANs are set up correctly, tagging traffic with the right VLAN identifiers.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

Torbjørn · ‎06-07-2024

This can occur for multiple reasons. It could also be caused by having VLANs that have been bridged together somewhere else in the topology. Some devices simply use the same mac address in multiple VLANs. You can see this when a device has transitioned from one VLAN to another.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

kamleshkatariya1994 · ‎06-07-2024

hello

Is this the cause of Mac flapping?

M02@rt37 · ‎06-07-2024

hello @kamleshkatariya1994

If Gi1/0/1 is a trunk port, it can carry traffic for both VLAN 1 and VLAN 11. The device with the MAC address 18b1.692e.c100 might be connected to another switch or router through this trunk port.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

kamleshkatariya1994 · ‎06-07-2024

hello

Gi1/0/1 connects to firewall and configures 2 vlans, and 2 vlan mac are same

Is this the cause of Mac flapping?

M02@rt37 · ‎06-07-2024

@kamleshkatariya1994

Yes, the scenario you described, where the same MAC address (`18b1.692e.c100`) appears on multiple VLANs on the same port connecting to a Firewall, can indeed cause MAC flapping. MAC flapping occurs when the switch receives frames with the same source MAC address on different ports or VLANs in a short period of time, leading to continuous updates in its MAC address table. This typically happens due to misconfigurations in trunk ports or VLAN tagging issues. In this case, the port Gi1/0/1 should be correctly configured as a trunk port, and the firewall must appropriately tag VLANs to prevent confusion. T

Troubleshoot this! Verify the trunk configuration on the switch to ensure the appropriate VLANs are allowed and properly tagged. For instance, the switch port configuration should allow VLANs 1 and 11. On the firewall, ensure that interfaces handling VLANs are set up correctly, tagging traffic with the right VLAN identifiers.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

kamleshkatariya1994 · ‎06-07-2024

Thanx for support

MHM Cisco World · ‎06-10-2024

It is third time you post aboue same issue.

I dont think it solve (let discuss this issue here please no private message'let all know exactly the issue and how we can solve it)

Now

History of issue

You have ring topolgy

The SW face this issue is SW that connect to 802.1D (legacy)' i.e. legacy SW is inbetween two SW run PVST.

So the solution of this issue is make this SW run PVST' i.e. all SW run same STP mode

Waiting your reply

MHM

kamleshkatariya1994 · ‎06-10-2024

hello

Yes all SW run same STP mode (PVST)

MHM Cisco World · ‎06-11-2024

If So what I see is say different

Below is your show in your first post which fast mark as solve and I was sure it not native vlan issue anyway

VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32768
Address 0087.64b6.c5f7
Cost 90
Port 1 (GigabitEthernet1/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0029.c2a1.e200
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/1 Root FWD 4 128.1 P2p Peer(STP)
Gi1/2 Desg FWD 4 128.2 P2p Peer(STP)

Peer(STP) this meaning that this SW is run pvst and connect to stp legacy SW

MHM

kamleshkatariya1994 · ‎06-11-2024

hello

All the Switches are connected in PVST but when i start the ring then the port remains blocked for some time and after some time it comes in the listing, below details

VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 1
Address 0078.8822.cc00
Cost 24
Port 25 (GigabitEthernet1/0/25)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address b08b.d067.dd80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/25 Root FWD 4 128.25 P2p
Gi1/0/26 Altn BLK 4 128.26 P2p

VLAN0011
Spanning tree enabled protocol ieee
Root ID Priority 11
Address 0078.8822.cc00
Cost 24
Port 25 (GigabitEthernet1/0/25)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32779 (priority 32768 sys-id-ext 11)
Address b08b.d067.dd80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/11 Desg FWD 19 128.11 P2p
Gi1/0/12 Desg FWD 19 128.12 P2p
Gi1/0/13 Desg FWD 19 128.13 P2p
Gi1/0/15 Desg FWD 19 128.15 P2p
Gi1/0/17 Desg FWD 19 128.17 P2p
Gi1/0/18 Desg FWD 19 128.18 P2p
Gi1/0/19 Desg FWD 19 128.19 P2p
Gi1/0/20 Desg FWD 19 128.20 P2p
Gi1/0/25 Root FWD 4 128.25 P2p
Gi1/0/26 Altn BLK 4 128.26 P2p

VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 1
Address 0078.8822.cc00
Cost 24
Port 25 (GigabitEthernet1/0/25)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address b08b.d067.dd80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/25 Root FWD 4 128.25 P2p
Gi1/0/26 Altn BLK 4 128.26 P2p

VLAN0011
Spanning tree enabled protocol ieee
Root ID Priority 1
Address 0078.8822.cc00
Cost 24
Port 26 (GigabitEthernet1/0/26)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32779 (priority 32768 sys-id-ext 11)
Address b08b.d067.dd80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 15 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/11 Desg FWD 19 128.11 P2p
Gi1/0/12 Desg FWD 19 128.12 P2p
Gi1/0/13 Desg FWD 19 128.13 P2p
Gi1/0/15 Desg FWD 19 128.15 P2p
Gi1/0/17 Desg FWD 19 128.17 P2p
Gi1/0/18 Desg FWD 19 128.18 P2p
Gi1/0/19 Desg FWD 19 128.19 P2p
Gi1/0/20 Desg FWD 19 128.20 P2p
Gi1/0/25 Desg FWD 4 128.25 P2p
Gi1/0/26 Root LIS 4 128.26 P2p

MHM Cisco World · ‎06-11-2024

Only check your first post' what I share above from your post

Where you see peer (stp) ?

It can the issue here

MHM

Joseph W. Doherty · ‎06-10-2024

Yes they can. MACs only need to be unique per L2 domain. As you mention two VLANs, that's legitimate.

From your other replies, you ask if this can cause MAC flapping. If all is configured correctly, and working correctly, no it shouldn't.

If you have MAC flapping, we need more detail, starting with what do you see/consider the MAC flapping?

@MHM Cisco World mentions this is your 3rd post same issue?

kamleshkatariya1994 · ‎06-10-2024

hello

Tell me what details you need and i will send it to you.

Joseph W. Doherty · ‎06-11-2024

Just took a look a your prior postings. I, like @Giuseppe Larosa (in one of those prior threads) wonder about the size of your ring topology, especially using non-rapid-pvst. More suitable for this topology might be REP, but possibly not all your switches support, but if they rapid-pvst, I would suggest migrating to that. Believe it's a bit more tolerant on "diameter".