Switching

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  MAC move message on SRX 320

    Posted 08-20-2018 13:31

    Hi,

     

    I am receiving the following message repeatedly:

     

    "L2ALD_MAC_MOVE_EXCEEDED_BD_ACTION_NONE: Limit on MAC moves exceeded at VLAN vlan-trust+1for MAC 00:ae:45:54:a0:6e moved from interface ge-0/0/2.0 to interface ge-0/0/5.0;Mac move limit is 0. No action ( Forwarding the packet)"

     

    I cannot find this MAC address within my show arp / dhcp server bind tables.  I have seen in the forums that this is possibly a loop.

     

    Not finding anywere in the SRX where i can set mac-move limits and actions.  Is this even something i should worry about?

     

    ge-0/0/2 {
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust;

     

    ge-0/0/5 {
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members all;

     

    Repeats:

    Mon Aug 20 21:19:18 2018 vlan_name vlan-trust+1 mac 00:ae:45:54:a0:6e was moved from ge-0/0/5.0 to ge-0/0/2.0 with flags: 0x2101f
    Mon Aug 20 21:19:19 2018 vlan_name vlan-trust+1 mac 00:ae:45:54:a0:6e was moved from ge-0/0/2.0 to ge-0/0/5.0 with flags: 0x2101f

    *comes up as no vendor*

     

    Global Configuration:

    MAC aging interval    : 300
    MAC learning          : Enabled
    MAC statistics        : Disabled
    MAC limit Count       : 16383
    MAC limit hit         : Disabled
    MAC packet action drop: Disabled
    LE  aging time        : 1200
    LE  VLAN aging time   : 1200
    Global Mode           : Switching

     

    Routing instance        VLAN name             Tag          Interfaces
    default-switch          vlan-phones           100
                                                               ge-0/0/3.0
                                                               ge-0/0/4.0
                                                               ge-0/0/5.0*
    default-switch          vlan-ss               3
                                                               ge-0/0/3.0
                                                               ge-0/0/4.0
                                                               ge-0/0/5.0*
    default-switch          vlan-trust            1
                                                               ge-0/0/1.0*
                                                               ge-0/0/2.0*
                                                               ge-0/0/3.0
                                                               ge-0/0/4.0
                                                               ge-0/0/5.0*
                                                               ge-0/0/6.0
                                                               ge-0/0/7.0

     

    When i blocked the MAC address, IP phones at another location stopped working.  Anything i could try would be helpful



  • 2.  RE: MAC move message on SRX 320

    Posted 08-21-2018 04:41

    That particular mac string 00:ae:45: is not assigned to any company yet so apparently your ip phones are using this as a generated address.  Likely what is happening is the phones are using the same address via the software generating it being the same.

     

    That would account for the moves too as multiple devices using the same mac would appear to be mac moves to different interfaces.

     

    I would check with the ip phone vendor site to see if there are firmware updates that deal with the issue.

     



  • 3.  RE: MAC move message on SRX 320

    Posted 08-21-2018 07:14

    Ok, that is something i can look into.  I can see all the Cisco IP phone MAC addresses off the call manager.  None of those match.  I will reach out to cisco and see if any firmware updates might address this issue.



  • 4.  RE: MAC move message on SRX 320
    Best Answer

    Posted 08-21-2018 08:17

    What i did was put an input and output filter on the ge-0/0/2.0 interface with that mac address.  This is now preventing it from going back and forth across the interfaces.  Its a quick fix as i implement some additional configuration across the switches that connect to the SRX.



  • 5.  RE: MAC move message on SRX 320

    Posted 08-21-2018 09:45

    Ok that did not work.  Spanning tree and everything else is set up.  no where on the SRX can i even set an option for anything related to mac moves.  This MAC address does not exist.  I guess my only option is to unplug things and see if that stops.  Yay juniper...........great.


    @JonV27 wrote:

    What i did was put an input and output filter on the ge-0/0/2.0 interface with that mac address.  This is now preventing it from going back and forth across the interfaces.  Its a quick fix as i implement some additional configuration across the switches that connect to the SRX.


     



  • 6.  RE: MAC move message on SRX 320

    Posted 08-22-2018 03:56

    can you see the mac table of the switch the srx is connected to?

    What we really need is the port the devices generating this mac address are connected to.  The mac move on the SRX is upstream of that.