Configuring MAC Address Flapping Detection

Context

MAC address flapping detection enables the device to check all MAC addresses to detect MAC address flapping.

You are advised to configure an action to take for MAC address flapping on an uplink interface because it may interrupt uplink traffic.
When MAC address flapping detection is enabled, the switch can detect loops on a single point, but cannot obtain the entire network topology. If the network connected to the device supports loop prevention protocols, use the loop prevention protocols instead of MAC address flapping detection to eliminate loops.
If loops may occur on only a few VLANs, it is recommended that you set the loop prevention action to quit-vlan.
If loops may occur on a large number of VLANs, it is recommended that you set the loop prevention action to error-down. This action improves system performance. Additionally, the remote device can detect the error-down event so that it can quickly switch traffic to a backup link (if any).

Procedure

Run system-view
The system view is displayed.
Run mac-address flapping detection
MAC address flapping detection is enabled.

By default, MAC address flapping detection is enabled. The device detects MAC address flapping in all VLANs.
(Optional) Run mac-address flapping detection exclude vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>
One or more VLANs are excluded from MAC address flapping detection.

By default, the switch performs MAC address flapping detection in all VLANs. In special scenarios, for example, when a switch is connected to a server with two network adapters in active-active mode, the server's MAC address may be learned on two interfaces of the switch. Such a MAC address flapping event does not need to be handled. You can exclude the VLAN where the server resides from MAC address flapping detection.
(Optional) Run mac-address flapping detection vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> | all } security-level { high | middle | low }
The security level of MAC address flapping detection is configured in one or more specified VLANs.

By default, the security level of MAC address flapping detection is middle. That is, the switch considers that MAC address flapping occurs when a MAC address flaps 10 times.
(Optional) Run mac-address flapping aging-time aging-time
The aging time of flapping MAC addresses is set.

By default, the aging time of flapping MAC addresses is 300 seconds. If the aging time of dynamic MAC addresses is excessive, a long time may elapse before MAC address flapping events can be detected.
(Optional) Configure an action to take and the priority of the action after MAC address flapping is detected on an interface.
1. Run interface interface-type interface-number
  The interface view is displayed.
2. Run mac-address flapping action { quit-vlan | error-down }
  An action is configured for the interface if MAC address flapping occurs on the interface.
  
  By default, no action is configured. If an interface is connected to a network that does not support loop prevention protocols, MAC address flapping may occur when the network contains a loop. Use this command to configure an action on the interface. When MAC address flapping is detected on the interface, the device takes the configured action. If the action is set to error-down, the device shuts down the interface. If the action is set to quit-vlan, the device removes the interface from the VLAN where MAC address flapping occurs. Only one interface can be shut down during one aging time of flapping MAC addresses.
  - Do not use the quit-vlan action together with dynamic VLAN functions such as GVRP.
  - When a MAC address flaps between an interface configured with the error-down action and an interface configured with the quit-vlan action, the former interface is shut down and the latter interface is removed from the VLAN. If a loop may occur between interfaces, you are advised to configure the same action for the susceptible interfaces.
3. Run mac-address flapping action priority priority
  The priority of the action against MAC address flapping is set.

Verifying the Configuration

Run the display mac-address flapping command to check information about MAC address flapping detection in a VLAN.

Action to Take After MAC Address Flapping Occurs

When MAC address flapping detection is configured, the switch reports alarms if it detects MAC address flapping. Multiple occurrences of the same alarm may indicate that a loop exists on the network. To remove the loop, run the shutdown command to shut down the interface specified in the MAC address flapping alarm. Alternatively, configure an action against MAC address flapping on the interface to remove the loop.

When configuring an action, pay attention to the following points:

If the action is set to error-down, the interface cannot be automatically restored after it is shut down. You can restore the interface by running the shutdown and undo shutdown commands or the restart command in the interface view.

To enable the interface to go Up automatically, you must run the error-down auto-recovery cause mac-address-flapping command in the system view before the interface enters the error-down state. This command enables an interface in error-down state to go Up and sets a recovery delay. The interface goes Up automatically after the delay.
If the action is set to quit-vlan, the interface can be automatically restored after a delay following its removal from the VLAN. The default recovery delay is 10 minutes. The recovery delay time can be set using the mac-address flapping quit-vlan recover-time time-value command in the system view.