Sadikhov IT Certification forums
assasini

MATM-4-MACFLAP_NOTIF

Hi,

I have been working on this issue for the last couple of days and still don't have any clue. I am logged onto this switch remotely and have no visibility of the physical connections except by digging into the switch itself.

I am getting this error message continuously:

3310690: Nov 6 05:42:27: %SW_MATM-4-MACFLAP_NOTIF: Host 0050.5692.23e8 in vlan 4 is flapping between port Gi2/0/23 and port Gi1/0/19
3310689: Nov 6 05:42:21: %SW_MATM-4-MACFLAP_NOTIF: Host 0050.56a9.017c in vlan 1010 is flapping between port Gi1/0/19 and port Gi2/0/23
3310688: Nov 6 05:42:19: %SW_MATM-4-MACFLAP_NOTIF: Host 0050.56a9.51d9 in vlan 5 is flapping between port Gi1/0/19 and port Gi2/0/23

 

xxxxxxxx# sh run int gig1/0/19
!
interface GigabitEthernet1/0/19 <--------- this is up/up
 description to xxxxxx failover
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3-6,10-12,1006,1010,1025
 switchport mode trunk
end

xxxxxxxxx#sh run int gig2/0/23
!
interface GigabitEthernet2/0/23 <----- This is up/up
 description to xxxxxxx 2nd port
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3-6,10-12,1006,1010,1025
 switchport mode trunk
 channel-group 11 mode active
end

interface GigabitEthernet1/0/18 <---- This is admin down
 description to xxxxxxxx 1st port
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3-6,10-12,1006,1010,1025
 switchport mode trunk
 shutdown
 channel-group 11 mode active

interface Port-channel11
 description 1/0/18 2/0/23 to xxxxxxxx
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3-6,10-12,1006,1010,1025
 switchport mode trunk

interface Port-channel11
 description 1/0/18 2/0/23 to xxxxxxx
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3-6,10-12,1006,1010,1025
 switchport mode trunk

xxxxxxxx#sh int port-channel 11
Port-channel11 is down, line protocol is down (notconnect)

 

 

Please Help..


What's on the other end?

The descriptions say "failover"... Is there something failing over at the other end?

Is there a switch/hub causing dramas at the other end?

Show cdp n?

Show arp from a router nearby shows what IPs? Can you ping the IP? Can you resolve it to a hostname to identify what individual box it is? i[fp]config on the appropriate hosts to see what hosts have that MAC address.


The other end is a Windows/HP server. I don't have control over this.

Show cdp neighbor doesn't show anything on the gig1/0/19 and gig2/0/23 ports.

Show arp doesn't have any of the MAC addresses which are flapping. All the MACs in arp are from Vlan999 (management VLAN).

BUT

I got the IP by resolving the hostname, and the guy who manages it. Now I can coordinate with him.

N00b13 rocks..


It is very important that you figure out whether both port Gi2/0/23 and port Gi1/0/19 are connected to the same HP server or not.

The reason is simple: if they are connected to the same server (with dual NICs), what you see is some kind of load-balancing mechanism done on the server side (NIC teaming or so), for which both NICs are sending frames sourced from the same MAC at the same time.

This is not recommended, as you force the switch to learn the same MAC over and over. Since this operation is done in software by the CPU, you can hit a high-CPU condition too.

If your switch is a 3550/3750, the impact is minimal, as the CPU queue reserved for MAC learning is limited, and if it is full no more new MACs are punted to the CPU. So the CPU won't go too high, but of course the switch won't learn new MACs while the queue is dropping, leading to flooding of unknown unicast addresses.

If your switch is a 4500, the CPU can go as high as 100% depending on how much traffic is flapping across the 2 ports. That can lead to the same unicast flooding issue plus, if the issue is very heavy, drops of control traffic.

If your switch is a 6500, just ignore it, as it can handle it without any issue.

By checking those MAC addresses, they come from VMware, so they are virtual. You really need to work with the administrator to figure out what he did.

Ask the administrator to use a different load-balancing scheme. Ideally they should keep one port in standby while the other transmits. If they need both ports to transmit at the same time, the traffic should be sourced from 2 different MACs or else you will always see the flapping. They can configure a unique multicast MAC address, but you need to know what you are doing, as you can have other problems depending on the platforms you have.

------

If they are connected to 2 different servers, they are clearly misconfigured, and VMware is on both of them but it is configured to use the same MAC address on the 3 VLANs. Solution: tell the administrator to change them (and to stop messing with your network).

--------

If they are connected to 2 switches (it might still be, as those ports are trunks, even if CDP is disabled), you have a loop on those VLANs.

How to fix it: draw a topology of those VLANs including all the bridges and their ports. Check the status of each one and make sure that one (or more) is in BLK state and therefore you don't have a redundant path active. Use "show span vlan x detail" to see if TCNs are increasing.

If you have redundant paths and you don't know how to troubleshoot STP issues, go ahead and configure spanning tree loopguard on all your switches. If your gear is all Cisco, configure UDLD as well.

 

Good luck

Riccardo
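
A triage sketch for the messages in this thread, added here as an example and not code from any poster: it groups the MACFLAP_NOTIF lines by port pair, checks each MAC's OUI against a partial list of VMware prefixes, and confirms the flapping VLANs are carried on the trunk. The function names and the OUI list are assumptions of the example; the log lines and allowed-VLAN list are the ones quoted in the first post.

```python
import re
from collections import defaultdict

# Constructed input: the three syslog lines and trunk VLAN list from the first post.
SAMPLE_LOG = """\
3310690: Nov 6 05:42:27: %SW_MATM-4-MACFLAP_NOTIF: Host 0050.5692.23e8 in vlan 4 is flapping between port Gi2/0/23 and port Gi1/0/19
3310689: Nov 6 05:42:21: %SW_MATM-4-MACFLAP_NOTIF: Host 0050.56a9.017c in vlan 1010 is flapping between port Gi1/0/19 and port Gi2/0/23
3310688: Nov 6 05:42:19: %SW_MATM-4-MACFLAP_NOTIF: Host 0050.56a9.51d9 in vlan 5 is flapping between port Gi1/0/19 and port Gi2/0/23
"""
TRUNK_ALLOWED = "3-6,10-12,1006,1010,1025"
FLAP_RE = re.compile(
    r"MACFLAP_NOTIF: Host (?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}) in vlan (?P<vlan>\d+) "
    r"is flapping between port (?P<a>\S+) and port (?P<b>\S+)", re.I)
VMWARE_OUIS = {"005056", "000c29"}  # partial list of VMware-registered OUIs (assumption)

def expand_vlans(spec):
    """Expand an IOS 'allowed vlan' list such as '3-6,10-12,1006' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_flaps(text):
    """Return one dict per MACFLAP_NOTIF message; any other text is ignored."""
    events = []
    for m in FLAP_RE.finditer(text):
        # Sort the ports so A<->B and B<->A count as the same pair.
        ports = tuple(sorted((m["a"], m["b"])))
        events.append({"mac": m["mac"].lower(), "vlan": int(m["vlan"]), "ports": ports})
    return events

def summarize(events, allowed):
    """Per port pair: flapping MACs, VLANs, VMware-only flag, VLANs within trunk list."""
    pairs = defaultdict(lambda: {"macs": set(), "vlans": set()})
    for e in events:
        pairs[e["ports"]]["macs"].add(e["mac"])
        pairs[e["ports"]]["vlans"].add(e["vlan"])
    report = {}
    for ports, d in pairs.items():
        report[ports] = {
            "macs": sorted(d["macs"]), "vlans": sorted(d["vlans"]),
            "all_vmware": all(mac.replace(".", "")[:6] in VMWARE_OUIS for mac in d["macs"]),
            "vlans_on_trunk": d["vlans"] <= allowed,
        }
    return report

if __name__ == "__main__":
    for ports, info in summarize(parse_flaps(SAMPLE_LOG), expand_vlans(TRUNK_ALLOWED)).items():
        print(ports, info)
```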

Nice thing! I learned something; I knew about the 4500 but not about the 3550/3750 and 6500.
