Troubleshooting L2 Forwarding Issues on Cisco Nexus Switches

Layer 2 forwarding is a critical function in any switch or router. When troubleshooting L2 connectivity issues, the MAC address table and forwarding information base (L2FIB) are key areas to inspect. On Cisco Nexus switches, several useful commands provide visibility into MAC addresses and L2 forwarding:

Show MAC Address Table Commands

show mac address-table: Displays the basic MAC table summary per VLAN

switch# show mac address-table
VLAN     Mac Address       Type      Ports
--------+-----------------+---------+------------
1        00d0.ba86.1f3a    dynamic   Eth1/1
10       00d0.ba86.1f3b    dynamic   Eth1/2
100      00d0.ba86.1f3c    dynamic   Eth1/3

show mac address-table aging-time: Displays configured aging time per VLAN

switch# show mac address-table aging-time
VLAN Aging Time
---- ----------
1    300 sec
10   300 sec
100  300 sec
200  300 sec

show mac address-table count: Counts total MACs per VLAN

switch# show mac address-table count
VLAN  Unicast MAC Count
----- -----------------
1     100
10    150
100   200
200   300
Total Unicast MAC Addresses in System (excluding CPU) = 750

show mac address-table dynamic: Shows only dynamic MAC addresses

switch# show mac address-table dynamic
VLAN     Mac Address       Type      Ports
---------+-------+----------------+------+
1        0001.6400.1101    dynamic   Eth1/1
10       0002.6400.1102    dynamic   Eth1/2
100      0050.5678.9abc    dynamic   Eth1/3
200      0010.5678.9abd    dynamic   Eth1/4

Show Forwarding Information Commands

show forwarding distribution mac: Summarizes MAC addresses per module

switch# show forwarding distribution mac

FWD Distribution table Info:

Module 1:
  Vlan 1:
    MAC Count: 1000
    MAC Miss: 0

  Vlan 10:
    MAC Count: 800
    MAC Miss: 0

Module 2:
  Vlan 1:
    MAC Count: 900
    MAC Miss: 0

  Vlan 10:
    MAC Count: 750
    MAC Miss: 0

show forwarding distribution multicast: Multicast MAC forwarding info

switch# show forwarding distribution multicast

FWD Distribution Multicast table Info:

Module 1:
  Vlan 1:
    Multicast Group Count: 10
    Group Miss: 0

  Vlan 10:
    Multicast Group Count: 15
    Group Miss: 0

Module 2:
  Vlan 1:
    Multicast Group Count: 8
    Group Miss: 0

  Vlan 10:
    Multicast Group Count: 12
    Group Miss: 0

show platform fwmctrl l2: Forwarding manager L2 table details

switch# show platform fwmctrl l2

Info:
Table size: 2048
MAC addresses: 1250
MAC address learning: enabled
MAC address learning timeout: 300 sec
Total Forwarded Packets: 134567890

Debug Commands

show system internal l2fm info: L2 forwarding manager summary

switch# show system internal l2fm info

Information about L2FM (Layer 2 Forwarding Manager):
MAC Move update interval: 300 sec
MAC Move action: trap-and-log
Total MAC Moves: 500
Current MAC table count: 1200
Total MAC entries since boot: 5000

show system internal l2fm l2dbg macdb: Detailed MAC address table

switch# show system internal l2fm l2dbg macdb

MACDB Entries:
--------------------
MAC: 0000.0c9f.f4c8, VLAN: 1
  State: dynamic
  Interface: Eth1/1
  Age: 10 sec
  Flags: local, learned

MAC: 0000.0c9f.f4c9, VLAN: 10
  State: dynamic
  Interface: Eth1/2
  Age: 20 sec
  Flags: local, learned

MAC: 0000.0c9f.f4ca, VLAN: 100
  State: dynamic
  Interface: Eth1/3
  Age: 30 sec
  Flags: local, learned

show system internal l2fm pfmac stats: Packet forwarding MAC stats

switch# show system internal l2fm pfmac stats

Packet Forwarding MAC Statistics:
--------------------------------------
Total MAC Additions: 2000
Total MAC Deletions: 1500
Total MAC Moves: 100
Total MAC Updates: 500
MAC Learning Drops: 10

Last but not least is show system internal l2fm l2dbg macdb address. This command provides detailed information about MAC address entries in the Layer 2 forwarding information base (L2FIB, or MAC address table) on Cisco Nexus switches.

switch# show system internal l2fm l2dbg macdb address 6ae4.29df.f873 vlan 200
Legend
------
Db:  0-MACDB, 1-GWMACDB, 2-SMACDB, 3-RMDB,    4-SECMACDB
Src: 0-UNKNOWN, 1-L2FM, 2-PEER, 3-LC, 4-HSRP
     5-GLBP, 6-VRRP, 7-STP, 8-DOTX, 9-PSEC 10-CLI 11-PVLAN
     12-ETHPM, 13-ALW_LRN, 14-Non_PI_MOD, 15-MCT_DOWN, 16 - SDB
     17-OTV, 18-Debounce Timer, 19-AM, 20-PCM_DOWN, 21 - MCT_UP
     22-L2VPN, 23-EFP, 24-DRV 25-ELTM
Slot:0 based for LCS 19-MCEC 20-OTV/ORIB

 VLAN: 200 MAC: 6ae4.29df.f873 FE ID: 2
  Time                     If/swid    Db Op                    Src Slot  FE  HW_ADDR Count
    Tue Mar  6 14:18:57 2023 0x1b027000 0  AGE                  3    0    2    0

 VLAN: 200 MAC: 6ae4.29df.f873
  Time                     If/swid    Db Op                    Src Slot  FE  HW_ADDR Count
    Sun Mar  4 09:37:12 2023 0x1b027000 0  UPDATE               3    0    1    0
    Sun Mar  4 09:37:12 2023 0x1b027000 0  UPDATE               2    20   0    0 1
    Sun Mar  4 09:37:14 2023 0x1b027000 0  UPDATE               3    0    5    0
    Tue Mar  6 14:18:57 2023 0x1b027000 0  DELETE               0    0    15   0
    Wed Mar  7 11:45:22 2023 0xffffffff 0  NOT_FOUND_INS_PC     2    20   0    0
    Wed Mar  7 11:45:22 2023 0xffffffff 0  INSERT               2    20   0    0
    Wed Mar  7 11:45:22 2023 0x1b027000 0  UPDATE               3    0    2    0
    Wed Mar  7 11:48:32 2023 0x1b027000 0  UPDATE               3    0    0    0
    Wed Mar  7 11:48:32 2023 0x1b027000 0  UPDATE               3    0    1    0
    Wed Mar  7 11:48:32 2023 0x1b027000 0  UPDATE               3    0    3    0
    Wed Mar  7 11:48:32 2023 0x1b027000 0  UPDATE               3    0    4    0
    Wed Mar  7 11:48:32 2023 0x1b027000 0  UPDATE               3    0    5    0
    Wed Mar  7 11:48:32 2023 0x1b027000 0  NOT_FOUND_INS_PC     2    20   0    0
    Wed Mar  7 11:48:32 2023 0x1b027000 0  UPDATE               2    20   0    0 1
    Wed Mar  7 11:48:33 2023 0x1b027000 0  UPDATE               2    20   0    0

Some main points about this command:

  • It is a debug-level command for troubleshooting L2 forwarding issues and requires admin-level access.
  • It shows detailed MAC address table entries, including MAC address, VLAN, logical and physical interfaces, aging timer, and flags.
  • The “address” parameter restricts the lookup to a specific MAC address. If omitted, all MAC addresses are shown.
  • It provides more details than the standard “show mac address-table” command, like logical vs physical interfaces and aging timer values.
  • The table maps MAC addresses to logical interfaces like port-channels. The actual physical interface is also shown.
  • Flags indicate details such as whether the entry is static or dynamic, whether the remote vPC peer owns it, and whether it is mapped to an SVI.
  • This command is useful when debugging issues like MAC flapping, incorrect forwarding, or flooding due to incomplete MAC tables.
  • It can help validate synchronization and ownership of MAC addresses between vPC peers.
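
As an added example (not from the original article or from Cisco), the following Python code parses the event-history rows shown above, decodes the Src column using the Legend, and reports If/swid changes and the time between a removal (DELETE or AGE) and the next INSERT. It assumes the row fields follow the header order; the function names are illustrative, and the sample rows are a subset copied from the output above.

```python
import re
from collections import Counter
from datetime import datetime

# Src codes 0-25, in order, from the Legend block of the command output.
SRC = dict(enumerate(
    "UNKNOWN L2FM PEER LC HSRP GLBP VRRP STP DOTX PSEC CLI PVLAN ETHPM "
    "ALW_LRN Non_PI_MOD MCT_DOWN SDB OTV Debounce_Timer AM PCM_DOWN MCT_UP "
    "L2VPN EFP DRV ELTM".split()))

# Assumption: fields follow the header order Time, If/swid, Db, Op, Src, Slot, FE.
ROW = re.compile(
    r"^\s*(?P<time>\w{3}\s+\w{3}\s+\d+\s+[\d:]{8}\s+\d{4})\s+(?P<ifidx>0x[0-9a-f]+)"
    r"\s+(?P<db>\d+)\s+(?P<op>[A-Z_]+)\s+(?P<src>\d+)\s+(?P<slot>\d+)\s+(?P<fe>\d+)")

# Subset of the event rows shown on this page for 6ae4.29df.f873, VLAN 200.
SAMPLE = """
    Sun Mar  4 09:37:12 2023 0x1b027000 0  UPDATE               2    20   0    0 1
    Tue Mar  6 14:18:57 2023 0x1b027000 0  DELETE               0    0    15   0
    Wed Mar  7 11:45:22 2023 0xffffffff 0  NOT_FOUND_INS_PC     2    20   0    0
    Wed Mar  7 11:45:22 2023 0xffffffff 0  INSERT               2    20   0    0
    Wed Mar  7 11:45:22 2023 0x1b027000 0  UPDATE               3    0    2    0
"""

def parse_history(text):
    """Return one dict per event row; legend and header lines are skipped."""
    events = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            e = m.groupdict()
            stamp = " ".join(e["time"].split()[1:])  # drop the weekday name
            e["when"] = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
            e["src"] = SRC.get(int(e["src"]), "code " + e["src"])
            events.append(e)
    return events

def summarize(events):
    """Count events per source, list If/swid changes, time removal to INSERT."""
    by_src = Counter(e["src"] for e in events)
    if_changes = [(a["ifidx"], b["ifidx"], b["time"])
                  for a, b in zip(events, events[1:]) if a["ifidx"] != b["ifidx"]]
    relearn, removed = [], None
    for e in events:
        if e["op"] in ("DELETE", "AGE"):
            removed = e
        elif e["op"] == "INSERT" and removed:
            relearn.append((e["when"] - removed["when"]).total_seconds())
            removed = None
    return by_src, if_changes, relearn
```

Calling summarize(parse_history(SAMPLE)) returns the per-source counts, the list of If/swid changes, and the removal-to-insert gaps in seconds.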

In summary, the show system internal l2fm l2dbg macdb command provides the most comprehensive view of the L2FIB on Cisco Nexus switches. It displays every MAC entry with details such as interface, aging timer, VLAN, and flags, which is more than the standard show mac address-table command provides. This makes it useful for debugging MAC flapping, flooding, and learning issues.

Combining the standard show commands with debug-level forwarding info and L2FIB detail allows you to analyze the complete L2 forwarding behavior on Nexus switches. Always start with the common show commands before moving on to debug commands.

Proactively monitoring MAC tables and L2 forwarding is also recommended to baseline expected behavior and more easily detect abnormalities.
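
One way to baseline and compare MAC tables, as an added example that is not part of the original article: this Python code diffs two saved "show mac address-table" outputs and reports entries that moved between ports and ports that gained more new addresses than a threshold. It assumes the four-column layout shown on this page; the function names, the threshold, and the second snapshot are constructed for illustration.

```python
import re
from collections import Counter

# One entry row: VLAN, MAC in dotted-hex form, type, port.
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$")

# Baseline: the three entries from the first output on this page.
BASELINE = """
1        00d0.ba86.1f3a    dynamic   Eth1/1
10       00d0.ba86.1f3b    dynamic   Eth1/2
100      00d0.ba86.1f3c    dynamic   Eth1/3
"""

# Constructed later snapshot: one entry moved, three new MACs on Eth1/1.
CURRENT = """
1        00d0.ba86.1f3a    dynamic   Eth1/1
10       00d0.ba86.1f3b    dynamic   Eth1/3
100      00d0.ba86.1f3c    dynamic   Eth1/3
1        0200.0000.0001    dynamic   Eth1/1
1        0200.0000.0002    dynamic   Eth1/1
1        0200.0000.0003    dynamic   Eth1/1
"""

def parse_mac_table(text):
    """Map (vlan, mac) -> port; header and separator lines do not match ROW."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, _type, port = m.groups()
            table[(int(vlan), mac)] = port
    return table

def compare(baseline, current, max_new_per_port=2):
    """Return (moved entries, ports with more new MACs than the threshold)."""
    moved = sorted((k, baseline[k], current[k])
                   for k in baseline.keys() & current.keys()
                   if baseline[k] != current[k])
    new_per_port = Counter(p for k, p in current.items() if k not in baseline)
    noisy = {p: n for p, n in new_per_port.items() if n > max_new_per_port}
    return moved, noisy
```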