How to process the MAC address flapping?

Latest reply: Apr 17, 2018 03:39:18 1884 1 0 0

Q: How to process the MAC address flapping?


A
: Perform the following operations.


Step 1: Determine the interface where MAC address flapping occurs.Run the display mac-address flapping command to check all historical records of MAC address flapping on the switch (the following information is used for reference only; the display depends on the device configuration).


<HUAWEI> display mac-address flapping MAC Address Flapping Configurations :
-------------------------------------------------------------------------------
 Flapping detection : Enable
 Aging time(s) : 300
 Quit-VLAN Recover time(m) : --
 Exclude VLAN-list : --
 Security level : Middle
-------------------------------------------------------------------------------
S : start time E : end time (D) : error down
-------------------------------------------------------------------------------
Time VLAN MAC Address Original-Port Move-Ports MoveNum
-------------------------------------------------------------------------------
S:2011-12-11 03:00 3 0000-08cc-2206 10GE1/0/1 10GE1/0/2 120 
E:2011-12-11 03:00 


-------------------------------------------------------------------------------
Total items on slot 1: 1


Original-Port: indicates the interface that learns the MAC address first. Move-Ports indicates the interface that learns the MAC address later. There may be multiple values of Move-Ports.


Step 2: Check whether a loop occurs.


  • Run the display interface brief | include up command to check traffic on the interface. Run this command multiple times to check traffic.
    When the switch is deployed on a network where loops occur, the response speed of the switch is slow. Check traffic on all interfaces in Up state. The values of InUti (inbound bandwidth usage) and OutUti (outbound bandwidth usage) increase gradually on the interface where a loop occurs, and even approximate 100%, exceeding service traffic.

Compare bandwidth usage of interface traffic with that of normal services. If bandwidth usage of interface traffic is much larger than that of normal services, a loop may occur.


  • If a broadcast storm occurs on only one interface, a self-loop may occur or a loop may occur on the downstream device.

  • If broadcast storms occur on two interfaces, a loop may occur between interfaces.

  • If a broadcast storm occurs on more interfaces, a self-loop may occur and a loop may occur on the downstream device or between interfaces.

  • Run the display logbuffer command to check whether a large number of logs are generated.

When a loop occurs, packets of some protocols such as OSPF are lost or looped back to the local device, or there are multiple copies of replicated packets. As a result, the protocol status may become unstable. If there are many logs about the preceding information, a loop may occur.


  • Run the display cpu-defend statistics [ history ] [ packet-type packet-type ] { all | slot slot-id } command to check whether protocol packets such as ARP packets sent to the CPU are suppressed and discarded.

Eliminate the loop when there is the loop on the network.


  • Check whether network cables are incorrectly connected and whether basic configurations are correct.

  • If services are seriously affected and need to be restored immediately, remove the interface from the VLAN where a loop occurs, shut down the interface where a loop occurs, and remove the fiber where a loop occurs.

Step 3: Check whether terminals use the same MAC address or whether there are MAC attacks from malicious users.


If the alarm about MAC address flapping involves one or few MAC addresses and the interface statistics are normal, check whether terminals connected to the interface that sends the alarm about MAC address flapping use the same MAC address. If the terminals use the same MAC address, change the MAC address of terminals or use other methods to prevent this situation. If there are MAC attacks from malicious users, prevent the malicious users from connecting to the network.

NOTE:


When multiple network adapters connect to a server, add the interface of the switch connected to the server to the Eth-Trunk or disable MAC address flapping detection in a VLAN.

Step 4: Collect information and seek technical support.


You can also find the answer in Ethernet Switching in FAQs.


  • x
  • convention:

WoodWood
Created Apr 17, 2018 03:39:18 Helpful(0) Helpful(0)

:)
  • x
  • convention:

Comment

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login