Got it

MAC address flapping

Created: Feb 3, 2020 11:50:07Latest reply: Feb 6, 2020 11:53:12 148 5 0 0
  Rewarded HiCoins: 0 (problem resolved)

 Dears;

how can I solve mac address flapping. it is consuming my CPU usage

  • x
  • convention:

Featured Answers

Recommended answer

Admin Created Feb 3, 2020 12:13:16 Helpful(1) Helpful(1)

@tesfama hi,

commonly, MAC flapping occurred due to the network loop, please check the documentation Troubleshooting: Layer 2 Loop, it will guide you to locate the layer 2 loop.

If you have more questions, please let us know.


View more
  • x
  • convention:

All Answers
sohaib.ansar MVE Created Feb 3, 2020 11:53:08 Helpful(0) Helpful(0)

Hi User,

How to Prevent MAC Address Flapping
MAC address flapping occurs on a network when the network has a loop or undergoes an attack.

During network planning, you can use the following methods to prevent MAC address flapping:
Increase the MAC address learning priority of an interface: When the same MAC address is learned on interfaces of different priorities, the MAC address entry on the interface with the highest priority overrides the MAC address entries on the other interfaces.
Prevent MAC address entries from being overridden on interfaces with the same priority: If the interface connected to a bogus network device has the same priority as the interface connected to an authorized device, the MAC address entry of the bogus device learned later does not override the original correct MAC address entry. If the authorized device is powered off, the MAC address entry of the bogus device is learned. After the authorized device is powered on again, its MAC address cannot be learned.
As shown in Figure 3-6, Port1 of the switch is connected to a server. To prevent unauthorized users from connecting to the switch using the server's MAC address, you can set a high MAC address learning priority for Port1.
Figure 3-6 Networking of MAC address flapping prevention

https://support.huawei.com/enterprise/en/doc/EDOC1000178168/4b794b38/mac-address-flapping
View more
  • x
  • convention:

Network%20Enthusiastic
chenhui Admin Created Feb 3, 2020 12:13:16 Helpful(1) Helpful(1)

@tesfama hi,

commonly, MAC flapping occurred due to the network loop, please check the documentation Troubleshooting: Layer 2 Loop, it will guide you to locate the layer 2 loop.

If you have more questions, please let us know.


View more
  • x
  • convention:

lubna Created Feb 3, 2020 12:15:27 Helpful(0) Helpful(0)

hy tesfama i hope it will help you

Cisco MAC Address Flapping Causing High CPU Utilization
Posted on October 18, 2011by tkrn
A MAC flap is caused when a switch receives packets from two different physical/logical interfaces with the same source MAC address. The switch then learns where the MAC address is and puts in to a table. This table has the physical/logical interface and the MAC address. When flapping occurs it causes this table to be updated whenever a packet is sent/received. The more data flowing through the interface that is flapping the higher your CPU Utilization is going to be which can have serious potential negative side effects. Such as dropped packets, laggy terminal session and complete drop of network connectivity.

The following will give you the commands you need to help identify MAC Address Flapping and High CPU Utilization on Cisco Catalyst series switch. This was performed to troubleshoot CPU utilization issues on a Cisco Catalyst 4500 series switch but the same commands should be available to other Cisco switches which run the IOS firmware.

cisco4500#show processes cpu
CPU utilization for five seconds: 38%/1%; one minute: 32%; five minutes: 32%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
27 524 250268 2 0.00% 0.00% 0.00% 0 TTY Background
28 816 254843 3 0.00% 0.00% 0.00% 0 Per-Second Jobs
29 101100 5053 20007 0.00% 0.01% 0.00% 0 Per-minute Jobs
30 26057260 26720902 975 12.07% 11.41% 11.36% 0 Cat4k Mgmt HiPri
31 19482908 29413060 662 24.07% 19.32% 19.20% 0 Cat4k Mgmt LoPri
32 4468 162748 27 0.00% 0.00% 0.00% 0 Galios Reschedul
The following will give you a Target CPU percent and the Actual Percent. Look for percents that greatly exceed the Target CPU percent. This will help identify what is eating your processing power on your device. This is used to troubleshoot other items than MAC Address Flapping such as Routing Loops and other bad things that can bring your network to a halt.

cisco4500#show platform health
%CPU %CPU RunTimeMax Priority Average %CPU Total
Target Actual Target Actual Fg Bg 5Sec Min Hour CPU
Protocol-aging-revie 0.20 0.00 2 0 100 500 0 0 0 0:01
Acl-Flattener 1.00 0.00 10 5 100 500 0 0 0 0:04
KxAclPathMan create/ 1.00 0.00 10 5 100 500 0 0 0 0:21
KxAclPathMan update 2.00 0.00 10 6 100 500 0 0 0 0:05
KxAclPathMan reprogr 1.00 0.00 2 1 100 500 0 0 0 0:00
TagMan-InformMtegRev 1.00 0.00 5 0 100 500 0 0 0 0:00
TagMan-RecreateMtegR 1.00 0.00 10 14 100 500 0 0 0 0:18
K2CpuMan Review 30.00 91.31 30 92 100 500 128 119 84 13039:02
K2AccelPacketMan: Tx 10.00 2.30 20 0 100 500 2 2 2 1345:30
K2AccelPacketMan: Au 0.10 0.00 0 0 100 500 0 0 0 0:00
First enter enabled mode then configure terminal mode. Issue the following command to ensure there is logging for mac-move which will identify MAC Address Flapping.

cisco4500(config)#mac address-table notification mac-move
After a period of time, view the log to identify the MAC address that is flapping.

cisco4500(config)#do show log
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
...
*Oct 3 08:51:28.149: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.10.10.236)
*Oct 3 09:43:46.437: _EBM-4-HOSTFLAPPING: Host 00:60:48:1B:01:15 in vlan 400 is moving from port Gi2/40 to port Gi2/30
*Oct 3 09:43:48.629: _EBM-4-HOSTFLAPPING: Host 00:60:48:1B:01:15 in vlan 400 is moving from port Gi2/30 to port Gi2/40
*Oct 3 09:43:48.717: _EBM-4-HOSTFLAPPING: Host 00:60:48:1B:01:15 in vlan 400 is moving from port Gi2/40 to port Gi2/30
*Oct 3 09:43:49.581: _EBM-4-HOSTFLAPPING: Host 00:60:48:1B:01:15 in vlan 400 is moving from port Gi2/30 to port Gi2/40
Furthermore, issue the following command at random periods of time to illustrate the MAC address bouncing between two different physical ports.

cisco4500#sh mac address-table address 00:60:48:1B:01:15

Unicast Entries
vlan mac address type protocols port
-------+---------------+--------+---------------------+--------------------
400 0060.481b.0115 dynamic ip GigabitEthernet2/30

cisco4500#sh mac address-table address 00:60:48:1B:01:15
Unicast Entries
vlan mac address type protocols port
-------+---------------+--------+---------------------+--------------------
400 0060.481b.0115 dynamic ip GigabitEthernet2/40
It depends on how your configuration is but it is generally a good idea to disable one of the two interfaces or fix an issue with a logical interface such as EtherChannel/LACP.

For furhter information and Cisco official documentation, http://www.cisco.com/c/en/us/support/docs/switches/catalyst-4000-series-switches/65591-cat4500-high-cpu.html
View more
  • x
  • convention:

i%20am%20student%20%20and%20i%20am%20doing%20BSIT%20from%20international%20Islamic%20university%20in%20islamabad
lubna Created Feb 3, 2020 12:16:24 Helpful(0) Helpful(0)

A MAC Flap is caused when a switch receives packets from two different interfaces with the same source MAC address. If you are getting the behavior for a lot of other MACs, that most likely is a layer 2 loop. ... Check the network switches for misconfigurations that might cause a data-forwarding loop.
View more
  • x
  • convention:

i%20am%20student%20%20and%20i%20am%20doing%20BSIT%20from%20international%20Islamic%20university%20in%20islamabad
IbrYsf Created Feb 6, 2020 11:53:12 Helpful(0) Helpful(0)

  • x
  • convention:

Comment

Comment
You need to log in to comment to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

My Followers

Login and enjoy all the member benefits

Login

Huawei Enterprise Support Community
Huawei Enterprise Support Community
Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.