No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.

Troubleshooting Guide
CloudEngine 16800, 12800, 12800E, 8800, 7800, 6800, and 5800 Series Switches
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Do I Process MAC Address Flapping?

How Do I Process MAC Address Flapping?

  1. Determine the interface where MAC address flapping occurs.

    Run the display mac-address flapping command to check all historical records of MAC address flapping on the switch. (The following information is used for reference only. The display depends on the device configuration.)
    <HUAWEI> display mac-address flapping 
    MAC Address Flapping Configurations :
      Flapping detection          : Enable
      Aging  time(s)              : 300
      Quit-VLAN Recover time(m)   : --
      Exclude VLAN-list           : --
      Security level              : Middle
    S  : start time    E  : end time    (D) : error down
    Time                  VLAN MAC Address    Original-Port  Move-Ports     MoveNum
    S:2011-12-11 11:00:08 3    0000-08cc-2206 10GE1/0/1      10GE1/0/2      120  
    E:2011-12-11 11:33:13 
    Total items on slot 1: 1

    Original-Port: indicates the interface that learns the MAC address first. Move-Ports indicates the interface that learns the MAC address later. There may be multiple values of Move-Ports.

  2. Check whether a loop occurs.

    • Run the display interface brief | include up command to check traffic on the interface. Run this command multiple times to check traffic.

      When the switch is deployed on a network where loops occur, the response speed of the switch is slow. Check traffic on all interfaces in Up state. The values of InUti (inbound bandwidth usage) and OutUti (outbound bandwidth usage) increase gradually on the interface where a loop occurs, and even approximate 100%, exceeding service traffic.

      Compare bandwidth usage of interface traffic with that of normal services. If bandwidth usage of interface traffic is much larger than that of normal services, a loop may occur.
      • If a broadcast storm occurs on only one interface, a self-loop may occur or a loop may occur on the downstream device.
      • If broadcast storms occur on two interfaces, a loop may occur between interfaces.
      • If a broadcast storm occurs on more interfaces, a self-loop may occur and a loop may occur on the downstream device or between interfaces.
    • Run the display trapbuffer command to check whether a large number of duplicate logs are generated.

      When a loop occurs, packets of some protocols such as OSPF are lost or looped back to the local device, or there are multiple copies of replicated packets. As a result, the protocol status may become unstable. If there are many logs about the preceding information, a loop may occur.

    • Run the display cpu-defend statistics [ history ] [ packet-type packet-type ] { all | slot slot-id } command to check whether protocol packets such as ARP packets sent to the CPU are suppressed and discarded.

    Eliminate the loop when there is the loop on the network.
    • Check whether network cables are incorrectly connected and whether basic configurations are correct.
    • If services are seriously affected and need to be restored immediately, remove the interface from the VLAN where a loop occurs, shut down the interface where a loop occurs, and remove the fiber where a loop occurs.
  3. Check whether terminals use the same MAC address or whether there are MAC attacks from malicious users.

    If the alarm about MAC address flapping involves one or few MAC addresses and the interface statistics are normal, check whether terminals connected to the interface that sends the alarm about MAC address flapping use the same MAC address. If the terminals use the same MAC address, change the MAC address of terminals or use other methods to prevent this situation. If there are MAC attacks from malicious users, prevent the malicious users from connecting to the network.

    When multiple network adapters connect to a server, add the interface of the switch connected to the server to the Eth-Trunk or disable MAC address flapping detection in a VLAN.

  4. Collect information and seek technical support.

Updated: 2020-01-07

Document ID: EDOC1000060766

Views: 661258

Downloads: 3048

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Previous Next