[c-nsp] MAC / CAM flapping problem

John Kougoulos koug at intracom.gr
Tue Jul 18 03:48:42 EDT 2006


Hello,

I've seen such problems when someone connects to the network a desktop 
PC with a USB cable that does some kind of bridging between the ethernet 
network and the USB interface in order to provide network access to eg. 
a laptop connected to a desktop PC via USB.

Also the same thing happens when someone connect a low-budget switch in 
the network. I think that all these devices do some kind of stupid 
bridging and they reinject the MAC addresses they have learned from the 
whole VLAN back to the network.

try to configure (if possible) the edge switches to learn limited number 
of MAC addresses from each port.

Regards,
John Kougoulos


Bill Wichers wrote:
> I have a Catalyst 4000 with several trunks to other switches, and I've
> been seeing a lot of this message:
> 
> 2006 Jul 17 19:07:39 edt -04:00 %SYS-4-P2_WARN: 1/Host xx:xx:xx:xx:xx:xx
> is flapping between port 2/6 and port 2/4
> 
> Where all the xx:xx: stuff is the MAC address of the gateway out, which is
> on port 2/4. Port 2/6 is an uplink to another switch with some 100+
> servers on it.
> 
> I've checked and there is no loop in the network (everything stars out
> from the 4000), and the other switches are unfortunatly not Cisco (yet,
> we're replacing them) so I have limited diagnostic tools available on
> them.
> 
> The problem I'm having is that every time the flapping occurs it causes a
> burst of packet loss, presumably while the switch relearns the correct MAC
> address on the correct port. Both ports are 802.1q trunks carrying
> numerous VLANs. I was looking at port security, but the docs imply that it
> can't work on a trunk.
> 
> Does anyone know of a way to force the switch (running CatOS v8.1(3)) to
> ignore the routers MAC address if it hears it as a source address on any
> port except 2/4? I can't seem to find a way to do it that will work on the
> trunk ports AND will still allow traffic to pass to the router using the
> router's MAC address as a destination.
> 
> Any help much appreciated!
> 
>      -Bill
> 
> *****************************
> Waveform Technology
> Systems Engineer
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list