[c-nsp] MAC / CAM flapping problem
Jared Mauch
jared at puck.nether.net
Mon Jul 17 19:28:02 EDT 2006
Do you have proxy-arp enabled on any of the routers?
(it's enabled by default.. a no longer wise default IMHO).
you want to disable that on each of the interfaces
(and subinterfaces) which will possibly make this go away.
it may break a few misconfigured hosts/networks,
e.g. if you are doing something like
'ip route 1.2.3.0 255.255.255.0 fastethernet2/3'
that is very bad and abusive to your router CPU, so you'll
want to update the next-hop with the correct IP or interface+IP
involved, or put a secondary IP on the subnet.
- Jared
On Mon, Jul 17, 2006 at 07:20:41PM -0400, Bill Wichers wrote:
> I have a Catalyst 4000 with several trunks to other switches, and I've
> been seeing a lot of this message:
>
> 2006 Jul 17 19:07:39 edt -04:00 %SYS-4-P2_WARN: 1/Host xx:xx:xx:xx:xx:xx
> is flapping between port 2/6 and port 2/4
>
> Where all the xx:xx: stuff is the MAC address of the gateway out, which is
> on port 2/4. Port 2/6 is an uplink to another switch with some 100+
> servers on it.
>
> I've checked and there is no loop in the network (everything stars out
> from the 4000), and the other switches are unfortunately not Cisco (yet,
> we're replacing them) so I have limited diagnostic tools available on
> them.
>
> The problem I'm having is that every time the flapping occurs it causes a
> burst of packet loss, presumably while the switch relearns the correct MAC
> address on the correct port. Both ports are 802.1q trunks carrying
> numerous VLANs. I was looking at port security, but the docs imply that it
> can't work on a trunk.
>
> Does anyone know of a way to force the switch (running CatOS v8.1(3)) to
> ignore the router's MAC address if it hears it as a source address on any
> port except 2/4? I can't seem to find a way to do it that will work on the
> trunk ports AND will still allow traffic to pass to the router using the
> router's MAC address as a destination.
>
> Any help much appreciated!
>
> -Bill
>
> *****************************
> Waveform Technology
> Systems Engineer
>
--
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
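
The following Python script is an added example, not part of the original post or of any Cisco tooling. It audits an IOS-style running-config from a router for the two things the reply points at: Layer 3 interfaces that lack `no ip proxy-arp`, and static routes that name only an outgoing interface. The sample config is constructed, and the parser assumes the usual `show running-config` indentation and flags every interface-only route, so point-to-point links still need a manual look.

```python
import re

# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet2/3
 ip address 192.0.2.1 255.255.255.0
!
interface FastEthernet2/4
 ip address 198.51.100.1 255.255.255.0
 no ip proxy-arp
!
interface FastEthernet2/5
 no ip address
!
ip route 1.2.3.0 255.255.255.0 FastEthernet2/3
ip route 10.9.0.0 255.255.0.0 FastEthernet2/4 198.51.100.2
ip route 10.8.0.0 255.255.0.0 198.51.100.3
ip route 10.7.0.0 255.255.0.0 Null0
"""

IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

def audit(config):
    """Return (L3 interfaces with proxy ARP still on, interface-only static routes)."""
    ifaces, bad_routes, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = line.split(None, 1)[1]
            ifaces[current] = {"l3": False, "off": False}
        elif raw.startswith(" ") and current:
            if line.startswith("ip address "):
                ifaces[current]["l3"] = True
            elif line == "no ip proxy-arp":
                ifaces[current]["off"] = True
        else:
            current = None  # back at global config level
            if line.startswith("ip route "):
                args = line.split()[2:]
                if args[:1] == ["vrf"]:
                    args = args[2:]  # skip "vrf <name>"
                hop = args[2:]  # tokens after prefix and mask
                if (hop and not IPV4.fullmatch(hop[0])
                        and not hop[0].lower().startswith("null")
                        and not (len(hop) > 1 and IPV4.fullmatch(hop[1]))):
                    bad_routes.append(line)
    proxy_on = [n for n, f in ifaces.items() if f["l3"] and not f["off"]]
    return proxy_on, bad_routes
```

Calling `audit(SAMPLE_CONFIG)` reports FastEthernet2/3 for proxy ARP and the interface-only route to 1.2.3.0/24; the Null0 route and the routes with an explicit next-hop IP are not reported.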