[c-nsp] %SW_MATM-4-MACFLAP_NOTIF and q-in-q tunnels...

Tassos Chatzithomaoglou achatz at forthnet.gr
Wed Feb 13 19:08:02 EST 2008


I had the same problem, but it was normal.
Although the MAC address is the same, the inner (customer) VLAN is different, so from the customer side everything is fine.
From the provider side, since you're using a common outer VLAN, you'll have the same MAC address from 2 different ports, but on the same (outer) VLAN... which is a no-no.

The only solution I found (since my topology was p2p for this VLAN) was to disable MAC learning for this outer VLAN.

I guess MAC-in-MAC (802.1ah) would solve such a problem (there are some PDFs referencing 6500 and 802.1ah, but I haven't seen this feature appearing in any IOS release).

--
Tassos


Rhett Bassett wrote on 13/2/2008 10:53 PM:
> Gurus-
> 
>   I've got a misbehaving customer with a L2 VLAN tossing all sorts of
> %SW_MATM-4-MACFLAP_NOTIF messages - from different (though a limited
> set) MACs.  Okay, so they have a loop of some sort - fine.
> 
>   To wit:
> Feb 13 12:25:31: %SW_MATM-4-MACFLAP_NOTIF: Host 0012.3fXX.XXXX in vlan
> YYY is flapping between port Gi0/26 and port Gi0/27
> Feb 13 12:25:32: %SW_MATM-4-MACFLAP_NOTIF: Host 000b.dbXX.XXXX in vlan
> YYY is flapping between port Gi0/27 and port Gi0/28
> 
>   Problem is, this customer's VLAN transits one of our provider's q-in-q
> tunnels (along with several other customers), which is causing all sorts
> of bad.  On seeing this looping behaviour, our provider is shutting the
> entire tunnel down.  This is less than optimal, from our standpoint.
> 
>   Outside of asking my customer to clean up whatever is looped, which
> has been done, is there anything I can turn on (rate limit / flap
> detection / port security / etc) to clamp them before this becomes a
> problem?  Setting up MAC access-lists seems wrong...  We're talking a
> 3550, here.  At the moment, I'm having to manually rip their VLAN off of
> the port facing the q-in-q tunnel, which seems like a bigger hammer than
> necessary.
> 
>   Google results for the error message itself are slim, and everything I
> see for "flap" in the configuration guides is aimed toward protocols
> (BGP, LACP, etc), and not L2 stuff...
> 
>   Thanks in advance.
> 
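
An added example, not part of either poster's message: a small Python parser for the %SW_MATM-4-MACFLAP_NOTIF lines quoted above that groups flaps by VLAN and port pair, so an operator can see which VLAN and which ports are involved. The sample log lines, MAC addresses, VLAN numbers and the `min_events` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches the message body in the format quoted in the thread;
# whatever timestamp precedes it is ignored.
MACFLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host "
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+)"
)

def summarize_flaps(lines):
    """Group flap notifications by (vlan, unordered port pair)."""
    summary = defaultdict(lambda: {"events": 0, "macs": set()})
    for line in lines:
        m = MACFLAP_RE.search(line)
        if not m:
            continue  # unrelated syslog message
        # Sort the ports so "A and B" and "B and A" count as the same pair.
        key = (int(m["vlan"]), tuple(sorted((m["a"], m["b"]))))
        summary[key]["events"] += 1
        summary[key]["macs"].add(m["mac"].lower())
    return dict(summary)

def noisy_vlans(summary, min_events=2):
    """VLANs whose total flap count reaches min_events (assumed threshold)."""
    totals = defaultdict(int)
    for (vlan, _ports), stats in summary.items():
        totals[vlan] += stats["events"]
    return sorted(v for v, n in totals.items() if n >= min_events)

# Constructed sample input, one message per line (not real device output).
SAMPLE_LOG = [
    "Feb 13 12:25:31: %SW_MATM-4-MACFLAP_NOTIF: Host 0012.3f00.0001 in vlan 100 is flapping between port Gi0/26 and port Gi0/27",
    "Feb 13 12:25:32: %SW_MATM-4-MACFLAP_NOTIF: Host 000b.db00.0002 in vlan 100 is flapping between port Gi0/27 and port Gi0/28",
    "Feb 13 12:25:33: %SW_MATM-4-MACFLAP_NOTIF: Host 0012.3f00.0001 in vlan 100 is flapping between port Gi0/27 and port Gi0/26",
    "Feb 13 12:25:40: %LINK-3-UPDOWN: Interface GigabitEthernet0/5, changed state to up",
    "Feb 13 12:26:01: %SW_MATM-4-MACFLAP_NOTIF: Host 0012.3f00.0003 in vlan 200 is flapping between port Gi0/1 and port Gi0/2",
]

if __name__ == "__main__":
    result = summarize_flaps(SAMPLE_LOG)
    for (vlan, ports), stats in sorted(result.items()):
        print(f"vlan {vlan} {ports[0]}<->{ports[1]}: "
              f"{stats['events']} events, {len(stats['macs'])} MAC(s)")
    print("VLANs at or above threshold:", noisy_vlans(result))
```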

