This means loop!

A coworker came to me with an issue today. He asked if I’d ever seen this before and showed me:

.Aug 25 22:44:29 UTC: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:85:DE:15:61 in vlan 54 is flapping between port Gi2/4 and port Gi2/2
.Aug 25 22:44:59 UTC: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:85:DE:15:61 in vlan 54 is flapping between port Gi2/4 and port Gi2/2
.Aug 25 22:47:42 UTC: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:85:DE:15:61 in vlan 54 is flapping between port Gi2/4 and port Gi2/2

I said “it means there’s a loop, give me the switch IP”. Then I began the mission of tracking down the loop. This was a pretty large site, but luckily I only had to go through a couple of switches. Unfortunately, this happened a couple of hours ago and I didn’t save my work, so we won’t be able to go through the real steps.

To track down a loop, you start with the “show mac-address-table address [flapping mac]” command:

SW1#sh mac-add add 0000.85de.1561
Unicast Entries
 vlan   mac address     type        protocols               port
-------+---------------+--------+---------------------+--------------------
    1    0000.85de.1561   dynamic ip                     GigabitEthernet2/2
   54    0000.85de.1561   dynamic ip                     GigabitEthernet2/4

We see that the MAC is being learned on both Gi2/2 and Gi2/4. One port will lead us to where that MAC is plugged in and the other will lead us to the loop. Pick a port and follow it toward the next switch. This is where CDP comes in handy:

SW1#sh cdp nei gi2/2
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
 
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
SW2                 Gig 2/2            160          S I      WS-C3560-4Gig 0/1

Next we move to that switch and repeat the same two commands, and so on, until we come to the switch with the loop. In this case one of our switches had a little workgroup switch plugged into two ports, in two separate VLANs, which is why it wasn’t caught by STP.

This was a short one, just quickly posting up a scenario I ran into today. Let me know if it needs more information or I left anything out.

Update: I’m including the error %SW_MATM-4-MACFLAP_NOTIF in this post, which is essentially the same issue.
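To spot these messages in collected syslog before someone has to ask, here is an added example (not part of the original post) that parses flap messages, groups them by host, VLAN and port pair, and prints the MAC in the dotted form the show command expects. It assumes %SW_MATM-4-MACFLAP_NOTIF uses the same message text as the log lines above; the function names and the last two sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# A leading '.' or '*' is the Cisco clock-status marker in front of the timestamp.
# Assumption: MACFLAP_NOTIF carries the same text as HOSTFLAPPING.
FLAP_RE = re.compile(
    r"^[.*]?(?P<ts>.+?): %(?:C4K_EBM-4-HOSTFLAPPING|SW_MATM-4-MACFLAP_NOTIF): "
    r"Host (?P<mac>[0-9A-Fa-f.:\-]+) in vlan (?P<vlan>\d+) "
    r"is flapping between port (?P<a>\S+) and port (?P<b>\S+)"
)

def cisco_mac(mac):
    """Return a MAC in Cisco dotted form, e.g. 0000.85de.1561."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def summarize_flaps(lines):
    """Group flap events by (mac, vlan, sorted port pair); ignore other lines."""
    events = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in lines:
        m = FLAP_RE.match(line.strip())
        if not m:
            continue
        ports = tuple(sorted((m["a"], m["b"])))
        ev = events[(cisco_mac(m["mac"]), int(m["vlan"]), ports)]
        ev["count"] += 1
        ev["first"] = ev["first"] or m["ts"]
        ev["last"] = m["ts"]
    return dict(events)

# First three lines are from the post; the last two are constructed samples.
SAMPLE = """\
.Aug 25 22:44:29 UTC: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:85:DE:15:61 in vlan 54 is flapping between port Gi2/4 and port Gi2/2
.Aug 25 22:44:59 UTC: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:85:DE:15:61 in vlan 54 is flapping between port Gi2/4 and port Gi2/2
.Aug 25 22:47:42 UTC: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:85:DE:15:61 in vlan 54 is flapping between port Gi2/4 and port Gi2/2
.Aug 25 22:48:03 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet2/7, changed state to up
*Mar  1 00:12:10: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 10 is flapping between port Gi0/1 and port Gi0/2
""".splitlines()

if __name__ == "__main__":
    for (mac, vlan, ports), ev in summarize_flaps(SAMPLE).items():
        print(f"{mac} vlan {vlan} {ports[0]}<->{ports[1]} x{ev['count']} "
              f"({ev['first']} .. {ev['last']})")
        print(f"  next: show mac-address-table address {mac}")
```

A host that keeps reappearing with the same port pair over several minutes is the one to trace first.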

Colby

Colby Glass has been in IT since 2002. He is currently a Systems Engineer (presales) with a Cisco Gold partner and holds the CCNP R/S, CCNP DC, CCDP, CCIP, JNCIA-ER.
