[c-nsp] Catalyst switches and %C4K_EBM-4-HOSTFLAPPING

[Henry-Nicolas Tourneur]

Hi there,

 

I’v a question regarding MAC Address flapping between 2 Ethernet ports on
standard Catalyst switches (4500 for instance, also 2960G).

 

We split services into different VLAN on our Ethernet devices
(switches/routers).

In case of IP services (internet access), the MAC Address of the router is
the same inside all VLAN/services (same physical interface on the router).

 

So, if a customer starts to transmit frames with the same source MAC Adr as
our router, the switch will flap between both ports for this MAC Adr.

 

Then my questions are:

1.      How will the Catalyst react if a MAC Adr flaps within only one VLAN?
Will the same MAC Adr be impacted inside other VLAN? 
Details hereunder.

2.      How can we protect against this? Is it possible to disable temporary
only a VLAN and not a port (some ports being trunks
)?

 

Thanks for your help,

 

* SW_NAME#sh mac-address-table | i d01b 

 100    0014.1c5c.d01b   dynamic ip                    GigabitEthernet2/1


 101    0014.1c5c.d01b   dynamic ip                    GigabitEthernet2/1


 102    0014.1c5c.d01b   dynamic ip                    GigabitEthernet2/1


 103    0014.1c5c.d01b   dynamic ip                    GigabitEthernet2/1


 104    0014.1c5c.d01b   dynamic ip                    GigabitEthernet2/1


 105    0014.1c5c.d01b   dynamic ip                    GigabitEthernet2/1


 106    0014.1c5c.d01b   dynamic ip                    GigabitEthernet2/1


 107    0014.1c5c.d01b   dynamic ip                    GigabitEthernet2/1


 109    0014.1c5c.d01b   dynamic ip                    GigabitEthernet2/1


 111    0014.1c5c.d01b   dynamic ip                    GigabitEthernet2/1


 113    0014.1c5c.d01b   dynamic ip                    GigabitEthernet2/1


 

è How will the switch react if for VLAN 102, the same MAC Address appears on
port Gi1/2 and not 2/1.