No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Ethernet Switching

CloudEngine 8800, 7800, 6800, and 5800 V200R003C00

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, VLANs, MUX VLAN, Voice VLAN, VLAN mapping, QinQ, GVRP, VCMP, STP/RSTP/MSTP, VBST, SEP, RRPP, ERPS, LBDT, and Layer 2 protocol transparent transmission.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
MAC Address Flapping

MAC Address Flapping

What Is MAC Address Flapping

MAC address flapping occurs when a MAC address is learned by two interfaces in the same VLAN and the MAC address entry learned later overrides the earlier one. Figure 2-4 shows how MAC address flapping occurs. In the MAC address entry with MAC address 0011-0022-0034 and VLAN 2, the outbound interface is changed from GE1/0/1 to GE1/0/2. MAC address flapping can cause an increase in the CPU usage on the device.

MAC address flapping does not occur frequently on a network unless a network loop occurs. If MAC address flapping frequently occurs on your network, you can quickly locate the fault and eliminate the loops according to alarms and MAC address flapping records.

Figure 2-4 MAC address flapping

How to Detect MAC Address Flapping

MAC address flapping detection determines whether MAC address flapping occurs by checking whether outbound interfaces in MAC address entries change frequently.

After MAC address flapping detection is enabled, the device can report an alarm when MAC address flapping occurs. The alarm contains the flapping MAC address, VLAN ID, and outbound interfaces between which the MAC address flaps. A loop may exist between the outbound interfaces. You can locate the cause of the loop based on the alarm. Alternatively, the device can perform the action specified in the configuration of MAC address flapping detection to remove the loop automatically. The action can be quit-vlan (remove the interface from the VLAN) or error-down (shut down the interface).

Figure 2-5 Networking of MAC address flapping detection

As shown in Figure 2-5, a network cable is correctly connected between SwitchC to SwitchD, causing a loop between SwitchB, SwitchC, and SwitchD. When Port1 of SwitchA receives a broadcast packet, SwitchA forwards the packet to SwitchB. The packet is then sent to Port2 of SwitchA. After MAC address flapping detection is configured on SwitchA, SwitchA can detect that the source MAC address of the packet flaps from Port1 to Port2. If the MAC address flaps between Port1 and Port2 frequently, SwitchA reports an alarm about MAC address flapping to alert the network administrator.

NOTE:

MAC address flapping detection allows a device to detect changes in traffic transmission paths based on learned MAC addresses, but the device cannot obtain the entire network topology. It is recommended that this function be used on the interface connected to a user network where loops may occur.

How to Prevent MAC Address Flapping

MAC address flapping occurs on a network when the network has a loop or undergoes an attack.

During network planning, you can use the following methods to prevent MAC address flapping:
  • Increase the MAC address learning priority of an interface: When the same MAC address is learned on interfaces of different priorities, the MAC address entry on the interface with the highest priority overrides the MAC address entries on the other interfaces.
  • Prevent MAC address entries from being overridden on interfaces with the same priority: If the interface connected to a bogus network device has the same priority as the interface connected to an authorized device, the MAC address entry of the bogus device learned later does not override the original correct MAC address entry. If the authorized device is powered off, the MAC address entry of the bogus device is learned. After the authorized device is powered on again, its MAC address cannot be learned.
As shown in Figure 2-6, Port1 of the switch is connected to a server. To prevent unauthorized users from connecting to the switch using the server's MAC address, you can set a high MAC address learning priority for Port1.
Figure 2-6 Networking of MAC address flapping prevention
Translation
Download
Updated: 2019-05-08

Document ID: EDOC1100004351

Views: 128822

Downloads: 297

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next