Configuring MAC Address Flapping Detection
Context
MAC address flapping detection enables the switch to check all MAC addresses to detect MAC address flapping.
- Configuring an action to take for MAC address flapping on an uplink interface may cause interruptions for important uplink traffic. Therefore, configuring an action is not recommended.
- The switch enabled with MAC address flapping detection can detect loops on a single point, but cannot obtain the entire network topology. If the network connected to the switch supports loop prevention protocols, use the loop prevention protocols instead of MAC address flapping detection to eliminate loops.
- If only a few VLANs on the user network encounter loops, it is recommended that you set the loop prevention action to quit-vlan.
- If a large number of VLANs on the user network encounter loops, it is recommended that you set the loop prevention action to error-down to improve system performance. Additionally, the remote switch can detect the error-down event so that it can quickly switch any traffic to a backup link.
Procedure
- Run:
system-viewThe system view is displayed.
- Run:
mac-address flapping detection
MAC address flapping detection is enabled.
By default, MAC address flapping detection is enabled. The switch detects MAC address flapping in all VLANs.
- (Optional) Run:
mac-address flapping detection exclude vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>One or more VLANs are excluded from MAC address flapping detection.
By default, the system performs MAC address flapping detection in all VLANs. In special scenarios, a MAC address flapping event does not need to be handled and you can exclude a VLAN from MAC address flapping detection. For example, when a switch is connected to a server with two network adapters in active-active mode, the server's MAC address may be learned on two interfaces of the switch.
- (Optional) Run:
mac-address flapping detection vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all } security-level { high | middle | low }The security level of MAC address flapping detection is configured in one or more specified VLANs.
By default, the security level of MAC address flapping detection is middle. That is, the system considers that MAC address flapping occurs when a MAC address flaps 10 times.
- (Optional) Run:
mac-address flapping aging-time aging-time
The aging time of flapping MAC addresses is set.
By default, the aging time of flapping MAC addresses is 300 seconds. If the aging time of dynamic MAC addresses is long, a MAC address flapping event may be detected after a long time. To ensure that the system detects MAC address flapping quickly, shorten the aging time of flapping MAC addresses.
- (Optional) Configure an action to take after MAC address
flapping is detected on an interface and the priority of the action.
- Run:
mac-address flapping action { quit-vlan | error-down }An action is specified for the interface if MAC address flapping occurs on the interface.
By default, no action is configured. If an interface is connected to a user network that does not support loop prevention protocols, MAC address flapping may occur when there is a loop on the user network. Use this command to configure an action to take when MAC address flapping is detected on the interface. If the action is set to error-down, the switch shuts down the interface. If the action is set to quit-vlan, the switch removes the interface from the VLAN where the MAC address flapping occurs. This action can only shut down one interface per aging interval.
- Do not use the quit-vlan action together with dynamic VLAN functions such as GVRP, HVRP.
- When a MAC address flaps between an interface configured with the error-down action and an interface configured with the quit-vlan action, the former interface is shut down and the latter interface is removed from the VLAN. If a loop could be generated between interfaces, configure the same action for all the interfaces.
- Run:
Checking the Configuration
Run the display mac-address flapping command to check information about MAC address flapping detection in a VLAN.
Action to Take After MAC Address Flapping Occurs
When MAC address flapping detection is configured, the switch reports alarms when it detects MAC address flapping. If the same alarm is reported multiple times, a loop may exist on the network. To remove the loop, run the shutdown command to shut down the interface specified in the MAC address flapping alarm. Alternatively, configure an action against MAC address flapping on the interface to remove the loop.
When configuring an action against MAC address flapping on an interface to remove a loop, pay attention to the following points:
When the action is set to error-down, the interface cannot be automatically restored after it is shut down. You can only restore the interface by running the shutdown and undo shutdown commands or the restart command in the interface view.
To enable the interface to go Up automatically, you must run the error-down auto-recovery cause mac-address-flapping command in the system view before the interface enters the error-down state. This command enables an interface in error-down state to go Up and sets a recovery time. The interface goes Up automatically after the time expires.
- If the action is set to quit-vlan, the interface can be automatically restored after a specified time period after it is removed from the VLAN. The default recovery time is 10 minutes. The recovery delay time can be set using the mac-address flapping quit-vlan recover-time time-value command in the system view.