How to Solve Port Flapping on Cisco Switches

Port flapping is a situation where a port on a switch repeatedly changes its status between up and down within a short time. Port flapping is usually caused by damaged, poorly fitting, or non-standard cables, problematic SFP (Small Form-factor Pluggable) modules, or other link synchronization issues.

Port flapping can be temporary or permanent, depending on the cause and the type of switch affected. Port flapping can affect network availability and performance because switches must constantly learn and remove the MAC address associated with the flapping port.


How to Solve Port Flapping

To resolve port flapping, the first step is to identify the port that is flapping and the MAC address associated with it. This can be done by looking at the log message on the switch, which usually contains information like this:

%SW_MATM-4-MACFLAP_NOTIF: Host 0011.0022.0034 in vlan 2 is flapping between port Gi0/1 and port Gi0/2

The log message indicates that MAC address 0011.0022.0034 on VLAN 2 was detected flapping between port Gi0/1 and port Gi0/2. The next step is to trace that MAC address to the end device and examine the cables, SFP modules, and port configurations involved. Some things to note are:

  • Make sure the cables used follow the standards and specifications of the switch, and that there is no physical damage or loose connections. If necessary, replace the cable with a new one and conduct a cable test.
  • Make sure the SFP module used is compatible with the connected switches and ports, and that no damage or dust interferes with the connection. If necessary, clean or replace the SFP module with a new one.
  • Make sure the configuration of the ports involved matches the needs of the network, and that there are no errors or inconsistencies. Some aspects of the configuration that need to be checked are port mode (access, trunk, or hybrid), port speed and duplex, auto-negotiate feature, power-saving feature, and spanning tree feature.
  • Make sure there are no other network issues that could be causing port flapping, such as loops, broadcast storms, or MAC spoofing attacks. Use network monitoring and analysis tools to identify and isolate such issues.

MAC Flapping

MAC flapping is a situation where a MAC address is learned by two or more ports on a switch in the same VLAN, and the last learned MAC address entry replaces the previous one. MAC flapping is usually caused by two devices having the same MAC address due to a factory error, or MAC address table poisoning attacks that aim to disrupt switches by sending fake packets with different MAC addresses. MAC flapping can cause switches to send packets to the wrong port, or even to all ports in the same VLAN, causing connection and network security problems.

How to Solve MAC Flapping

To resolve MAC flapping, the first step is to identify the flapping MAC address and the ports involved. This can be done by looking at the log message on the switch, which usually contains information like this:

%SW_MATM-4-MACFLAP_NOTIF: Host 0011.0022.0034 in vlan 2 is flapping between port Gi0/1 and port Gi0/2

The log message indicates that MAC address 0011.0022.0034 on VLAN 2 was detected flapping between port Gi0/1 and port Gi0/2. The next step is to trace that MAC address to the end device and check if any devices have the same MAC address or if there is an ongoing network attack. Some things to note are:

  • Make sure no two devices have the same MAC address in the same VLAN, as this can cause conflicts and flapping. If applicable, change the MAC address of one device so that it is unique.
  • Make sure there is no MAC address table poisoning attack in progress, in which fake packets with different MAC addresses are sent to the switch. If applicable, use the switch’s security features to prevent and detect such attacks, such as port security, MAC address filtering, dynamic ARP inspection, or DHCP snooping.
  • Make sure there are no loops or broadcast storms that could cause the switch to receive packets with the same MAC address from different ports. If present, use the spanning tree feature to prevent and resolve loops, and use the storm control feature to prevent and resolve broadcast storms.
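
As an added example (not part of the original article and not Cisco tooling), the following Python sketch parses MACFLAP_NOTIF messages in the format shown above and groups them by VLAN and port pair to suggest which checklist item to examine first. The sample log lines are constructed, and the triage rule with its threshold is an assumption made for illustration: many distinct MACs flapping across one port pair is treated as pointing to a loop, while a single MAC points to a duplicate or spoofed address.

```python
import re
from collections import defaultdict

# Matches the MACFLAP_NOTIF message format shown in the article.
FLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+)"
)

# Constructed sample log lines (not captured from a real switch).
SAMPLE_LOG = """\
Mar  1 10:00:01 sw1 %SW_MATM-4-MACFLAP_NOTIF: Host 0011.0022.0034 in vlan 2 is flapping between port Gi0/1 and port Gi0/2
Mar  1 10:00:04 sw1 %SW_MATM-4-MACFLAP_NOTIF: Host 0011.0022.0034 in vlan 2 is flapping between port Gi0/2 and port Gi0/1
Mar  1 10:00:05 sw1 %LINK-3-UPDOWN: Interface GigabitEthernet0/5, changed state to down
Mar  1 10:00:07 sw1 %SW_MATM-4-MACFLAP_NOTIF: Host aaaa.bbbb.0001 in vlan 10 is flapping between port Gi0/23 and port Gi0/24
Mar  1 10:00:07 sw1 %SW_MATM-4-MACFLAP_NOTIF: Host aaaa.bbbb.0002 in vlan 10 is flapping between port Gi0/24 and port Gi0/23
Mar  1 10:00:08 sw1 %SW_MATM-4-MACFLAP_NOTIF: Host aaaa.bbbb.0003 in vlan 10 is flapping between port Gi0/23 and port Gi0/24
"""

LOOP_MAC_THRESHOLD = 3  # assumed cutoff: this many distinct MACs on one port pair


def summarize_flaps(log_text):
    """Group flap events by (vlan, unordered port pair)."""
    groups = defaultdict(lambda: {"events": 0, "macs": set()})
    for line in log_text.splitlines():
        m = FLAP_RE.search(line)
        if not m:
            continue  # other syslog messages and malformed MACs are skipped
        key = (int(m["vlan"]), tuple(sorted((m["a"], m["b"]))))
        groups[key]["events"] += 1
        groups[key]["macs"].add(m["mac"].lower())
    return dict(groups)


def triage(groups):
    """Suggest which checklist item to check first (assumed heuristic)."""
    hints = {}
    for key, g in groups.items():
        if len(g["macs"]) >= LOOP_MAC_THRESHOLD:
            hints[key] = "many MACs on one port pair: check for a loop / spanning tree"
        else:
            hints[key] = "few MACs: check for duplicate MAC or spoofing on these ports"
    return hints


if __name__ == "__main__":
    for key, hint in triage(summarize_flaps(SAMPLE_LOG)).items():
        print(key, hint)
```

The hint only orders the checks; the cable, SFP, and configuration items listed above still apply to the ports it names.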
