What are MAC Move messages in the syslog?
Maybe you have seen them before: the dreaded "MAC x.x.x in vlan y has moved from Port 1 to Port 2" messages.
This is never a good sign and means that there is a misbehaving device in the network. It means that the switch learns/sees the same MAC address on two different ports and therefore isn’t sure which information is the correct one.
This is not a valid network setup, and the switch will forward the traffic sometimes to Device 1 and sometimes to Device 2. Depending on the platform, the switch will stop learning MAC addresses for the affected VLAN for a period of time and then re-enable learning in the hope that the situation has cleared up.
On some Nexus 9000 Switches we had some messages in the log that exactly showed this issue.
This means that there were too many MAC flaps in VLAN 2100 and the switch then disabled learning for 2 minutes. There is one big issue with this output: the port and MAC address information is missing.
How to see the port where the MAC Move occurs?
You saw in the log that there were some MAC moves going on, but you are not sure what causes them. There is a command that also shows the port and MAC address information, so you can better understand where exactly the move occurs.
The command depends on the Platform (as always :))
Cisco IOS
To see more information on classic IOS based devices, use the mac address-table notification mac-move command. With the no version, you can disable it again.
Nexus 3000, 4000, 5000 and 6000
On the Nexus 3000, 4000, 5000 and 6000 you need multiple commands to enable the detailed MAC Move information.
Nexus 7000 and 9000
To enable the detailed information about the MAC Move on the Nexus 7000 and 9000, it’s just a single command.
Output when detailed information is enabled
After you have followed the steps above for your platform to enable the detailed output, you should see the MAC address and the ports involved in each move in the log.
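Once the MAC address and ports are in the log, the moves can be triaged automatically. The following Python script is an added example, not code from the original post: it reports every MAC that moved at least three times within 60 seconds and the ports it bounced between. The line format is constructed from the wording quoted at the top of this article; the timestamps, hostname, threshold and window are assumptions, and real platform messages differ, so the regular expression has to be adapted to your devices.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines. The message text follows the wording quoted in the
# article; real platform output differs, so adapt LINE_RE to your devices.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sw1 MAC 0000.1111.2222 in vlan 2100 has moved from Eth1/1 to Po10
2024-05-01T10:00:02 sw1 MAC 0000.1111.2222 in vlan 2100 has moved from Po10 to Eth1/1
2024-05-01T10:00:04 sw1 MAC 0000.1111.2222 in vlan 2100 has moved from Eth1/1 to Po10
2024-05-01T10:00:30 sw1 MAC 0000.aaaa.bbbb in vlan 10 has moved from Eth1/5 to Eth1/6
2024-05-01T10:07:00 sw1 MAC 0000.1111.2222 in vlan 2100 has moved from Po10 to Eth1/1
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+MAC\s+(?P<mac>[0-9a-fA-F.]+)\s+in\s+vlan\s+"
    r"(?P<vlan>\d+)\s+has\s+moved\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)\s*$"
)

def parse_moves(text):
    """Yield (timestamp, host, vlan, mac, src_port, dst_port) per matching line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["host"], int(m["vlan"]),
                   m["mac"].lower(), m["src"], m["dst"])

def find_flapping(text, threshold=3, window=timedelta(seconds=60)):
    """Map (host, vlan, mac) to its ports if it moved >= threshold times in a window."""
    events = defaultdict(list)
    for ts, host, vlan, mac, src, dst in parse_moves(text):
        events[(host, vlan, mac)].append((ts, src, dst))
    flapping = {}
    for key, moves in events.items():
        moves.sort()
        start = 0
        for end in range(len(moves)):
            # Shrink the window from the left until it spans at most `window`.
            while moves[end][0] - moves[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                ports = {p for _, s, d in moves[start:end + 1] for p in (s, d)}
                flapping[key] = sorted(ports)
                break
    return flapping

if __name__ == "__main__":
    for (host, vlan, mac), ports in find_flapping(SAMPLE_LOG).items():
        print(f"{host}: {mac} in vlan {vlan} is flapping between {', '.join(ports)}")
```

A single move, like the one in VLAN 10 in the sample, is not reported; only repeated moves inside the window are.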