Switching

Good morning,

Currently we are dealing with access switches that are having a lot of mac moves that keep moving from the user ports to the trunk and back. What are some things to check? So far i have looked at the configurations like VSTP, loops, multicast forwarding, unnecessary User vlan tags etc. We have also went on site and verified all connections and did not find any physical loops. Please see attached of crude drawing the the buildings topology and log messages we see.  These are ex3400 running junos 20.4. Thank you for your time and assistance.

These kinds of frequent mac moves generally mean a loop happening.

Your diagram for the switches shows a loop free topology.  So that would mean the loop is happening by some accidental cabling connecting two ports in this vlan.

Since your local switch is bouncing between trunk and access port the next place to check is the same address move on the switch on the other side of the trunk.  Which two ports on this switch have the mac move.

And so on till you get to the other access ports where the address is appearing.  Two of these access ports are cross connected then in some fashion, either directly of via another downstream switch connected to your topology.  So physically inspecting cabling to these access ports would find the issue.

Good morning,

Currently we are dealing with access switches that are having a lot of mac moves that keep moving from the user ports to the trunk and back. What are some things to check? So far i have looked at the configurations like VSTP, loops, multicast forwarding, unnecessary User vlan tags etc. We have also went on site and verified all connections and did not find any physical loops. Please see attached of crude drawing the the buildings topology and log messages we see.  These are ex3400 running junos 20.4. Thank you for your time and assistance.

These kinds of frequent mac moves generally mean a loop happening.

Your diagram for the switches shows a loop free topology.  So that would mean the loop is happening by some accidental cabling connecting two ports in this vlan.

Since your local switch is bouncing between trunk and access port the next place to check is the same address move on the switch on the other side of the trunk.  Which two ports on this switch have the mac move.

And so on till you get to the other access ports where the address is appearing.  Two of these access ports are cross connected then in some fashion, either directly of via another downstream switch connected to your topology.  So physically inspecting cabling to these access ports would find the issue.

Good morning,

Currently we are dealing with access switches that are having a lot of mac moves that keep moving from the user ports to the trunk and back. What are some things to check? So far i have looked at the configurations like VSTP, loops, multicast forwarding, unnecessary User vlan tags etc. We have also went on site and verified all connections and did not find any physical loops. Please see attached of crude drawing the the buildings topology and log messages we see.  These are ex3400 running junos 20.4. Thank you for your time and assistance.

bonjour Steve, 

   can I hop in the discussion with a question I was about to ask  about mac moves? 

being confronted from time to time to those frequent mac move associated with a loop,  I'd like to receive some warning from my junipers that  they have actually mac adress move ? the system I think about for not to receive hundreds of emails would be for the switch to send these move warnings automatically to add to a  file located on a server somewhere. or add them to a file on the switch that would be sent to me every 15 mns 

without going in details, can you take me through the steps  to program my switches in Junos  so I can get this kind of advanced warning that a client is in trouble ? 

thanks,

show ethernet-switching mac-learning-log | match move | no-more 
Thu Mar 14 00:52:28 2024 vlan_name QinQ-3925 mac 80:8a:bd:c2:8a:42 was moved from ge-0/0/0.3925 to ge-0/0/11.3925 with flags: 0x2101f
Thu Mar 14 00:52:28 2024 vlan_name QinQ-3925 mac 00:08:a2:12:af:60 was moved from ge-0/0/11.3925 to ge-0/0/0.3925 with flags: 0x2101f
Thu Mar 14 00:52:28 2024 vlan_name QinQ-3925 mac 78:45:58:b7:5b:2d was moved from ge-0/0/0.3925 to ge-0/0/11.3925 with flags: 0x2101f

------------------------------
MICHEL LAPOINTE
GIRAT
QC, Canada

Original Message:
Sent: 03-12-2024 20:15
From: STEVE PULUKA
Subject: Mac Floating/ Mac Move

These kinds of frequent mac moves generally mean a loop happening.

Your diagram for the switches shows a loop free topology.  So that would mean the loop is happening by some accidental cabling connecting two ports in this vlan.

Since your local switch is bouncing between trunk and access port the next place to check is the same address move on the switch on the other side of the trunk.  Which two ports on this switch have the mac move.

And so on till you get to the other access ports where the address is appearing.  Two of these access ports are cross connected then in some fashion, either directly of via another downstream switch connected to your topology.  So physically inspecting cabling to these access ports would find the issue.

Good morning,

Currently we are dealing with access switches that are having a lot of mac moves that keep moving from the user ports to the trunk and back. What are some things to check? So far i have looked at the configurations like VSTP, loops, multicast forwarding, unnecessary User vlan tags etc. We have also went on site and verified all connections and did not find any physical loops. Please see attached of crude drawing the the buildings topology and log messages we see.  These are ex3400 running junos 20.4. Thank you for your time and assistance.

These kinds of frequent mac moves generally mean a loop happening.

Your diagram for the switches shows a loop free topology.  So that would mean the loop is happening by some accidental cabling connecting two ports in this vlan.

Since your local switch is bouncing between trunk and access port the next place to check is the same address move on the switch on the other side of the trunk.  Which two ports on this switch have the mac move.

And so on till you get to the other access ports where the address is appearing.  Two of these access ports are cross connected then in some fashion, either directly of via another downstream switch connected to your topology.  So physically inspecting cabling to these access ports would find the issue.

Good morning,

Currently we are dealing with access switches that are having a lot of mac moves that keep moving from the user ports to the trunk and back. What are some things to check? So far i have looked at the configurations like VSTP, loops, multicast forwarding, unnecessary User vlan tags etc. We have also went on site and verified all connections and did not find any physical loops. Please see attached of crude drawing the the buildings topology and log messages we see.  These are ex3400 running junos 20.4. Thank you for your time and assistance.

Good afternoon,

We were able to get in early on the site and could not find any physical loops that any clients accidentally created. Would there be any other ideas we can look into? We looked into configs but found nothing. We are using dynamic vlan tagging with Cisco ISE and we see the Mac move clients keep dropping and authenticating when they move. Should we try to disable dot1x on the trunk? We also use unknown-multicast forwarding that points to the CAN, should it direct to the DN? We have similar set ups at different buildings but they do not have issues. The AN, CAN, are virtual chassis with 3 switches virtualized together. The AN are ex3400 and the CAN is ex4300. One additional question, how does unknown-multicast forwarding work? Does it just keep forwarding the unknown destination address to another switch to have it figure out where it should send/ have that switch flood the frame? 

Thank you for the help and your time.

These kinds of frequent mac moves generally mean a loop happening.

Your diagram for the switches shows a loop free topology.  So that would mean the loop is happening by some accidental cabling connecting two ports in this vlan.

Since your local switch is bouncing between trunk and access port the next place to check is the same address move on the switch on the other side of the trunk.  Which two ports on this switch have the mac move.

And so on till you get to the other access ports where the address is appearing.  Two of these access ports are cross connected then in some fashion, either directly of via another downstream switch connected to your topology.  So physically inspecting cabling to these access ports would find the issue.

Good morning,

Currently we are dealing with access switches that are having a lot of mac moves that keep moving from the user ports to the trunk and back. What are some things to check? So far i have looked at the configurations like VSTP, loops, multicast forwarding, unnecessary User vlan tags etc. We have also went on site and verified all connections and did not find any physical loops. Please see attached of crude drawing the the buildings topology and log messages we see.  These are ex3400 running junos 20.4. Thank you for your time and assistance.