MAC Address Flapping

What Is MAC Address Flapping

MAC address flapping occurs when a MAC address is learned by two interfaces in the same VLAN and the MAC address entry learned later overrides the earlier one. Figure 2-4 shows an example of MAC address flapping. The outbound interface for the MAC address entry with MAC address 0011-0022-0034 and VLAN 2 changes from GE1/0/1 to GE1/0/2. MAC address flapping can cause an increase in the CPU usage on the switch.

MAC address flapping does not occur frequently on a network unless a network loop exists. If MAC address flapping frequently occurs on your network, you can quickly locate the fault and eliminate the loops by checking the alarms and MAC address flapping records.

Figure 2-4  MAC address flapping

How to Detect MAC Address Flapping

MAC address flapping detection determines whether MAC address flapping occurs by checking whether outbound interfaces in MAC address entries change frequently.

With MAC address flapping detection, the switch can generate an alarm when MAC address flapping occurs. The alarm contains the flapping MAC address, VLAN ID, and outbound interfaces between which the MAC address flaps. You can locate the cause of the loop using the alarm. Alternatively, the switch can be configured to automatically remove the interface from the VLAN (using the quit-vlan action) or shut down the interface (using the error-down action).

Figure 2-5  MAC address flapping detection

In Figure 2-5, a network cable is incorrectly connected between SwitchC to SwitchD, creating a loop between SwitchB, SwitchC, and SwitchD. When Port1 of SwitchA receives a broadcast packet, SwitchA forwards the packet to SwitchB. The packet then goes through the loop and is sent back to Port2 of SwitchA. After MAC address flapping detection is configured on SwitchA, SwitchA can detect that the source MAC address of the packet flaps from Port1 to Port2. If the MAC address flaps between Port1 and Port2 frequently, SwitchA reports a MAC address flapping alarm to alert the network administrator.

MAC address flapping detection allows a switch to detect changes in traffic transmission paths based on learned MAC addresses, but the switch does not know the entire network topology. It is recommended that this function be used on the interface connected to a user network where loops may occur.

• Increase the MAC address learning priority of an interface: When the same MAC address is learned on interfaces with different priorities, the MAC address entry on the interface with the highest priority takes precedence.
• Prevent MAC address entries from being overridden on interfaces with the same priority: When the same MAC address is learned on interfaces with the same priority, the MAC address learned later will not override the original entry. Therefore, a false entry cannot override an existing correct entry.

If an authorized device associated with the correct entry is powered off, the MAC address entry of another device can be learned. This will prevent the original entry to being learned when it is powered back on.