• News
  • What should I do if my switch frequently experiences MAC address drift?

What should I do if my switch frequently experiences MAC address drift?

This issue shares the basic principles of networking. Let's take a look.

What is MAC Address Flapping?

MAC address flapping occurs when different ports on a switch learn the same MAC address within a short period of time. The later learned MAC address entries overwrite the original MAC address entries.

How Can I Determine Whether MAC Address Flapping Occurs on an Interface?

For example, for a Huawei switch, you can execute the command:

display mac-address flapping
  • 1.

View all MAC address drift history on the device. (The following information is for reference only. Please refer to the device for details.)

Original-Port indicates the source port where the MAC address drift occurs. Move-Ports indicates the ports where the MAC address drift occurs. There may be multiple ports where the MAC address drift occurs.

Possible Causes of MAC Address Flapping

  • Terminal roaming: Mobile terminals roam between APs or PCs quickly access multiple switches.
  • Network loop: A network loop may cause MAC address flapping.
  • Illegal MAC address attack: An abnormal terminal forges the MAC address of another terminal to join the network.
  • Terminals with the same MAC address: Terminals with the same MAC address access the network.

Diagnostic steps for MAC address flapping

(1) Impact of terminal roaming:

  • Check whether the terminal is roaming or the mobile PC is connected to a different port.
  • If it exists and the network application is normal, no further processing is required.

(2) Network loop:

  • Observe the blinking of the port indicator lights.
  • Check the packet receiving statistics of the switch port to determine whether there is a large increase in broadcast/multicast packets.

If it is confirmed that the cause is a network loop, you can remove the loops one by one by unplugging the cable, enabling the STP function, and enabling the loop protection function.

(3) Illegal MAC address attack:

Use the MAC address search function to find the port to which the abnormal terminal is connected.

Unplug the network cable of the port to which the abnormal terminal is connected to prevent it from attacking the network.

(4) Terminals with the same MAC address:

  • Check whether there is a terminal with the same MAC address.
  • Modify the terminal MAC address or eliminate the situation where multiple terminals use the same MAC address.