macflaps

ammahend
Getting noticed


We are seeing MAC flaps on Cisco switches connected to Meraki APs. We normally see them coming from wireless VLANs, but they are also coming from the data VLAN. When tracking the MAC address, its origin is always an AP port.

Any idea why we would see a data VLAN MAC address coming from an AP port?

Wireless VLANs are 13-14, the AP is part of VLAN 5, but we are seeing MAC flaps from VLANs 21, 22, 23, 24, 25, 26, etc.

We have checked there is no spanning tree loop.

alemabrahao
Kind of a big deal

If I'm right it's normal when clients roam.

 

It means the client roamed from one AP to another and then back to the first within a fairly short time. That's all. It's just a warning that the client's MAC address is moving around, which is normal if the person moves the device.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
RaphaelL
Kind of a big deal

Just like alemabrahao said, this is 'normal': https://documentation.meraki.com/MS/Monitoring_and_Reporting/Loop_and_MAC_Flap_Detection_on_MS

 

  • If access points are on bridge mode MAC flap event log may be seen if wireless client roams between access points faster than switch MAC address table expiration.

  • which could mean there is a loop in the topology, or a misbehaving wireless client roaming back and forth between access points. 

 

The clients might be roaming a bit too much and back and forth.

If there was a MAC flap between VLANs 13, 14, I get it.

But as I said, I am seeing data VLAN MAC flaps coming from the AP. I don't think this is expected behavior.

RaphaelL
Kind of a big deal

Super easy to figure out. Take a packet capture on the interfaces that are showing a MAC flap.

 

What are the MACs that are flapping? Wireless clients?

So I am taking a capture on the Meraki AP wired port?

Keep in mind Meraki captures do not show VLAN info.

What exactly should I be looking for in the capture?

The MAC flaps are both wired and wireless clients. I am not worried about wireless clients, that's expected.

ww
Kind of a big deal

The APs are just connected with 1 link to the switch?

In case you have trunk all, you could try just allowing the wireless VLANs on the switchports and see if that helps.

 

ammahend
Getting noticed

Yes, that's the first thing I did, and I don't see the other VLAN MAC flaps other than wireless, but it just means traffic is being dropped at the switch port. It does not give me a root cause of why it's happening. I am concerned because it's affecting user performance.

A MAC Flap is caused when a switch receives packets from two different interfaces with the same source MAC address.

If you are getting the behavior for a lot of other MACs, that most likely is a layer 2 loop.


So try to find the different interfaces with the same source MAC address.

RaphaelL
Kind of a big deal

Just to be sure to really understand your issue. 

 

You are having logs on a Cisco switch that say that host X is flapping on interfaces X, Y, which are both interfaces towards Meraki APs. Host X is currently wired and the MAC is his wired MAC.

 


 

The only way I could see that happening is if the APs are in a wireless bridge together.

E.g.: packet A comes in on Gi1/0/1, AP1 forwards the packet to AP2, AP2 forwards the packet on Gi1/0/2. The switch learns the MAC on int Gi1/0/2 and so on. I might be completely off the track though.
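To separate the expected wireless-roam flaps from the data VLAN flaps discussed in this thread, the switch log can be grouped by MAC, VLAN and port pair. This is an added example, not part of any reply above; it assumes the Catalyst IOS `%SW_MATM-4-MACFLAP_NOTIF` message format, a hypothetical `AP_PORTS` set, and constructed sample log lines.

```python
import re
from collections import defaultdict

# Assumed Catalyst IOS message format; the thread does not quote its log lines.
FLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-f.]+) in vlan (?P<vlan>\d+) "
    r"is flapping between port (?P<a>\S+) and port (?P<b>\S+)", re.I)

WIRELESS_VLANS = {13, 14}            # wireless VLANs named in the thread
AP_PORTS = {"Gi1/0/1", "Gi1/0/2"}    # hypothetical: switch ports facing Meraki APs

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
Oct 14 10:01:02: %SW_MATM-4-MACFLAP_NOTIF: Host aaaa.bbbb.0001 in vlan 13 is flapping between port Gi1/0/1 and port Gi1/0/2
Oct 14 10:01:09: %SW_MATM-4-MACFLAP_NOTIF: Host aaaa.bbbb.0002 in vlan 21 is flapping between port Gi1/0/2 and port Gi1/0/1
Oct 14 10:01:15: %SW_MATM-4-MACFLAP_NOTIF: Host aaaa.bbbb.0002 in vlan 21 is flapping between port Gi1/0/1 and port Gi1/0/2
Oct 14 10:02:30: %SW_MATM-4-MACFLAP_NOTIF: Host aaaa.bbbb.0003 in vlan 22 is flapping between port Gi1/0/2 and port Gi1/0/24
Oct 14 10:03:00: %LINK-3-UPDOWN: Interface Gi1/0/9, changed state to up
"""

def classify(vlan, ports):
    """Label one flap by VLAN and by how many of its two ports face an AP."""
    if vlan in WIRELESS_VLANS:
        return "wireless-roam"              # roaming between APs, expected per the replies
    ap_side = len(ports & AP_PORTS)
    if ap_side == 2:
        return "data-vlan-between-aps"      # wired MAC seen on two AP-facing ports
    if ap_side == 1:
        return "data-vlan-ap-and-wired"     # wired MAC also appearing behind one AP port
    return "data-vlan-no-ap"

def summarize(log_text):
    """Return {(mac, vlan, frozenset(ports)): [count, label]} for all flap lines."""
    out = defaultdict(lambda: [0, ""])
    for line in log_text.splitlines():
        m = FLAP_RE.search(line)
        if not m:
            continue                          # ignore non-flap syslog lines
        ports = frozenset((m["a"], m["b"]))   # order-insensitive port pair
        key = (m["mac"].lower(), int(m["vlan"]), ports)
        out[key][0] += 1
        out[key][1] = classify(key[1], ports)
    return dict(out)

if __name__ == "__main__":
    rows = sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: kv[0][:2])
    for (mac, vlan, ports), (n, label) in rows:
        print(f"{mac} vlan {vlan:>3} {' <-> '.join(sorted(ports))} x{n} {label}")
```

Entries labelled `data-vlan-between-aps` or `data-vlan-ap-and-wired` are the ones worth following up with a capture on the listed ports.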
