Scenario:
Make: Cisco
Model: Cisco 2960 Series Switches
Mode: Command Line Interface [CLI]
Description: This article covers hosts that become unstable, or LAN/wireless connections that drop intermittently, because of MAC address flapping. MAC flapping occurs when a switch detects the same MAC address on multiple ports and keeps rewriting its forwarding table. Cisco switches report the problem with the message “%SW_MATM-4-MACFLAP_NOTIF”. The sections below explore the causes of MAC address flapping and outline practical steps to resolve it and restore stable connectivity across your network.
Problem
At times, you may notice that LAN or wireless connections become unstable. When checking the logs on a Cisco switch, you might see entries containing “%SW_MATM-4-MACFLAP_NOTIF”. This message typically indicates MAC address flapping, which occurs when the same MAC address is detected on two different interfaces within the same VLAN. As a result, the switch continuously updates its forwarding table, leading to intermittent connectivity issues.
Mar 1 03:45:34.177: %SW_MATM-4-MACFLAP_NOTIF: Host 70a8.70a8.70a8 in vlan 111 is flapping between port Gi2/0/1 and port Gi3/0/1
Mar 1 03:45:39.144: %SW_MATM-4-MACFLAP_NOTIF: Host 0456.0456.0456 in vlan 111 is flapping between port Gi2/0/1 and port Gi3/0/1
Mar 1 03:45:44.820: %SW_MATM-4-MACFLAP_NOTIF: Host c03c.c03c.c03c in vlan 111 is flapping between port Gi2/0/1 and port Gi3/0/1
Mar 1 03:45:45.296: %SW_MATM-4-MACFLAP_NOTIF: Host bcf1.bcf1.bcf1 in vlan 111 is flapping between port Gi2/0/1 and port Gi3/0/1
Mar 1 03:45:45.498: %SW_MATM-4-MACFLAP_NOTIF: Host f4b3.f4b3.f4b3 in vlan 111 is flapping between port Gi3/0/1 and port Gi2/0/1
Mar 1 03:45:51.619: %SW_MATM-4-MACFLAP_NOTIF: Host c8cb.c8cb.c8cb in vlan 111 is flapping between port Gi2/0/1 and port Gi3/0/1
Mar 1 03:45:55.310: %SW_MATM-4-MACFLAP_NOTIF: Host cc15.cc15.cc15 in vlan 111 is flapping between port Gi3/0/1 and port Gi2/0/1
Mar 1 03:46:02.031: %SW_MATM-4-MACFLAP_NOTIF: Host 04cf.04cf.04cf in vlan 111 is flapping between port Gi3/0/1 and port Gi2/0/1
Mar 1 03:46:02.737: %SW_MATM-4-MACFLAP_NOTIF: Host c03c.c03c.c03c in vlan 111 is flapping between port Gi3/0/1 and port Gi2/0/1
Mar 1 03:46:06.152: %SW_MATM-4-MACFLAP_NOTIF: Host cc15.cc15.cc15 in vlan 111 is flapping between port Gi3/0/1 and port Gi2/0/1
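A way to triage these messages before touching the configuration, as an added example that is not part of the original article: the script groups flap events by VLAN and port pair and counts the distinct hosts involved. The function name, the threshold of 3 hosts and the two constructed sample lines are assumptions.

```python
import re
from collections import defaultdict

# Message format as shown in the log excerpt above.
MACFLAP = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-f.]{14}) in vlan (?P<vlan>\d+) "
    r"is flapping between port (?P<a>\S+) and port (?P<b>\S+)", re.I)

def summarize_flaps(lines, many_hosts=3):
    """Group flap events by VLAN and unordered port pair, then classify."""
    groups = defaultdict(lambda: defaultdict(int))  # (vlan, pair) -> mac -> events
    for line in lines:
        m = MACFLAP.search(line)
        if not m:
            continue  # unrelated syslog line
        # The switch prints the two ports in either order, so sort the pair.
        pair = tuple(sorted((m["a"], m["b"])))
        groups[(int(m["vlan"]), pair)][m["mac"].lower()] += 1
    report = []
    for (vlan, pair), macs in sorted(groups.items()):
        # Heuristic (assumption; the threshold is arbitrary): many different
        # hosts moving between the same two ports suggests a loop between
        # those ports, while one MAC suggests a single duplicated or moving host.
        kind = "possible-loop" if len(macs) >= many_hosts else "single-host"
        report.append({"vlan": vlan, "ports": pair, "hosts": len(macs),
                       "events": sum(macs.values()), "kind": kind})
    return report

# Five lines from the excerpt above plus two constructed lines (the vlan 20
# flap and the LINK-3-UPDOWN line) to exercise the other branches.
SAMPLE = """\
Mar 1 03:45:34.177: %SW_MATM-4-MACFLAP_NOTIF: Host 70a8.70a8.70a8 in vlan 111 is flapping between port Gi2/0/1 and port Gi3/0/1
Mar 1 03:45:39.144: %SW_MATM-4-MACFLAP_NOTIF: Host 0456.0456.0456 in vlan 111 is flapping between port Gi2/0/1 and port Gi3/0/1
Mar 1 03:45:44.820: %SW_MATM-4-MACFLAP_NOTIF: Host c03c.c03c.c03c in vlan 111 is flapping between port Gi2/0/1 and port Gi3/0/1
Mar 1 03:45:45.498: %SW_MATM-4-MACFLAP_NOTIF: Host f4b3.f4b3.f4b3 in vlan 111 is flapping between port Gi3/0/1 and port Gi2/0/1
Mar 1 03:46:02.737: %SW_MATM-4-MACFLAP_NOTIF: Host c03c.c03c.c03c in vlan 111 is flapping between port Gi3/0/1 and port Gi2/0/1
Mar 1 03:47:10.000: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 20 is flapping between port Gi1/0/5 and port Gi1/0/9
Mar 1 03:47:11.000: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/5, changed state to up
""".splitlines()

if __name__ == "__main__":
    for row in summarize_flaps(SAMPLE):
        print(row)
```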
Solution
One of the primary causes of MAC address flapping is related to Spanning Tree Protocol [STP] configuration or BPDU (Bridge Protocol Data Unit) handling. Misconfigurations or inconsistencies in STP can create switching loops, which lead to MAC addresses being learned on multiple interfaces. To resolve this issue on a Cisco switch, carefully review and adjust the STP settings and BPDU status by following the recommended troubleshooting steps outlined below.
Step1: Login
SSH to the switch using your username and password. If PuTTY fails with the error “Couldn’t agree a key exchange algorithm” while connecting to the switch, refer to the article on that SSH error.
Step2: STP Status
Check the global STP and BPDU settings. Use the command shown below to display the STP status.
edledge-switch# sh spanning-tree summary
Switch is in pvst mode
Root bridge for: VLAN0001, VLAN002, VLAN003, VLAN004, VLAN0111,
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
Portfast Edge BPDU Guard Default is enabled
Portfast Edge BPDU Filter Default is disabled
Loopguard Default is disabled
PVST Simulation Default is enabled but inactive in pvst mode
Bridge Assurance is enabled but inactive in pvst mode
UplinkFast is disabled
BackboneFast is disabled
Step3: Disable BPDU Filter
Disable the BPDU filter on the interfaces that are flapping or, if possible, disable it globally.
edledge-switch# conf t
edledge-switch(config)# int gig 2/0/1
edledge-switch(config-if)# spanning-tree bpdufilter disable
edledge-switch(config-if)# exit
edledge-switch(config)# exit
edledge-switch#
edledge-switch# conf t
edledge-switch(config)# int gig 3/0/1
edledge-switch(config-if)# spanning-tree bpdufilter disable
edledge-switch(config-if)# exit
edledge-switch(config)# exit
edledge-switch#
Step4: Enable Portfast
Enable STP PortFast on the interfaces that are causing the MAC flap.
edledge-switch# conf t
edledge-switch(config)# int gig 2/0/1
edledge-switch(config-if)# spanning-tree portfast edge trunk
edledge-switch(config-if)# exit
edledge-switch(config)# exit
edledge-switch#
edledge-switch# conf t
edledge-switch(config)# int gig 3/0/1
edledge-switch(config-if)# spanning-tree portfast edge trunk
edledge-switch(config-if)# exit
edledge-switch(config)# exit
edledge-switch#
Step5: Save
Save the configuration changes made above.
edledge-switch# wr
Building configuration...
[OK]
The MAC address flapping issue should typically be resolved after applying the configuration changes described above. However, if the problem persists, it is recommended to perform a firmware or IOS upgrade of the Cisco 2960 switch stack. Upgrading ensures that any known bugs or stability issues related to MAC address handling are addressed in the latest software release.
If you are working with a standalone Cisco switch rather than a stack, you can refer to the dedicated guide on how to upgrade or downgrade the firmware/IOS for a single device.
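A way to confirm what Steps 3 and 4 left on each flapping port, as an added example that is not part of the original article: the script reads a saved running-config and reports the per-interface bpdufilter and portfast settings, expanding the short port names used in the log messages. The function names and the running-config excerpt are constructed for illustration.

```python
import re

# Syslog uses short interface names; running-config uses the long form.
PREFIXES = {"Fa": "FastEthernet", "Gi": "GigabitEthernet", "Te": "TenGigabitEthernet"}

def full_name(port):
    """Expand 'Gi2/0/1' to 'GigabitEthernet2/0/1'; long names pass through."""
    m = re.match(r"([A-Za-z]+)(\d.*)$", port)
    return PREFIXES.get(m.group(1), m.group(1)) + m.group(2) if m else port

def interface_stanzas(config):
    """Map each interface name to the list of its indented sub-commands."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None  # '!' or a global command closes the stanza
    return stanzas

def stp_edge_state(config, ports):
    """Per-interface settings touched by Steps 3 and 4 (global defaults are not read)."""
    stanzas, state = interface_stanzas(config), {}
    for port in ports:
        cmds = stanzas.get(full_name(port))
        if cmds is None:
            state[port] = None  # interface absent from this config
            continue
        entry = {"bpdufilter": "default", "portfast": "default"}
        for cmd in cmds:
            m = re.match(r"spanning-tree (bpdufilter|portfast)\b\s*(.*)", cmd)
            if m:
                entry[m.group(1)] = m.group(2) or "enabled"
        state[port] = entry
    return state

# Constructed running-config excerpt (not from the article).
CONFIG = """\
interface GigabitEthernet2/0/1
 spanning-tree portfast edge trunk
 spanning-tree bpdufilter disable
!
interface GigabitEthernet3/0/1
 spanning-tree bpdufilter enable
"""
```

A value of "default" means the interface has no explicit command, so the global settings shown by the Step 2 command apply to it.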
EA00132

When applying *spanning-tree portfast trunk*,
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc… to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
Is it ok ?
Yes
Are you sure this is ok?
Yes