My device is a Cisco Nexus 6001 Chassis (one-unit DC switch):
# show version
...
kickstart: version 7.2(1)N1(1)
system: version 7.2(1)N1(1)
...
I've configured MAC move detection:
# conf t
# mac address-table notification mac-move
# logging level spanning-tree 6
# logging level fwm 6
# logging monitor 6
Looks like it is enabled:
# show running-config | include move
mac address-table notification mac-move
# show logging level
Facility        Default Severity        Current Session Severity
--------        ----------------        ------------------------
...
fwm                     6                       6
...
stp                     3                       6
...
But when I try to test this out (simply reconnecting a laptop to different ports of my switch), notifications are not sent to my logs.
The testing process is shown in the picture:
Simply reconnecting between ports on downstream switches. The VLAN is the same, so the MAC flaps between ports on the upstream NX-OS.
Maybe I've lost something important?
P.S. Maybe it is working when loop detection occurs.
An old Cisco 7600 spams log messages a lot if a MAC flaps between interfaces.
P.S. Maybe there is a problem with the negative numbers.
# show mac address-table notification mac-move
MAC Move Notify Triggers: 2814884
Number of MAC Addresses added: -1214153019
Number of MAC Addresses moved: 0
Number of MAC Addresses removed: -1214196878
Best Answer
Physically moving a device from port to port will not trigger a mac-move event. When you disconnect from port A, the link drops and all state is discarded -- including any known MACs on that port. Similarly, when you (re)connect to port B, no previous state is known; there's no latent knowledge of where that MAC has previously been.
A mac-move event will only be triggered if a known MAC is seen on a port where it is not known to be [currently in the CAM tables] (e.g. a wireless client roaming between APs). The purpose is to detect attempts at spoofing -- i.e. I claim to have the MAC of the exchange server and trick machines into sending me that traffic.
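
The distinction drawn in the answer above, as a small Python model of a MAC table. This is an added example, not part of the original post and not NX-OS code; the class, function names, port names, MAC address and 300-second aging time are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

LAPTOP = "0011.2233.4455"  # constructed sample MAC address


@dataclass
class CamTable:
    """Simplified model of a switch MAC (CAM) table; not NX-OS behaviour."""
    aging_time: int = 300                        # seconds, assumed value
    entries: dict = field(default_factory=dict)  # (vlan, mac) -> (port, last_seen)
    events: list = field(default_factory=list)   # recorded move notifications

    def link_down(self, port):
        """A port losing link discards every MAC learned on it."""
        self.entries = {k: v for k, v in self.entries.items() if v[0] != port}

    def frame_seen(self, vlan, mac, port, now):
        """Learn a frame's source MAC; return 'add', 'move' or 'refresh'."""
        key = (vlan, mac)
        old = self.entries.get(key)
        if old is not None and now - old[1] > self.aging_time:
            old = None                           # aged out: no prior state left
        self.entries[key] = (port, now)
        if old is None:
            return "add"
        if old[0] != port:                       # known MAC on a different port
            self.events.append((now, vlan, mac, old[0], port))
            return "move"
        return "refresh"


def replug_test():
    """Unplug from Eth1/1, plug into Eth1/2: the entry is flushed first."""
    cam = CamTable()
    cam.frame_seen(10, LAPTOP, "Eth1/1", now=0)
    cam.link_down("Eth1/1")
    return cam.frame_seen(10, LAPTOP, "Eth1/2", now=5), cam.events


def live_move_test():
    """The MAC shows up on Eth1/2 while it is still learned on Eth1/1."""
    cam = CamTable()
    cam.frame_seen(10, LAPTOP, "Eth1/1", now=0)
    return cam.frame_seen(10, LAPTOP, "Eth1/2", now=5), cam.events


if __name__ == "__main__":
    print("replug:   ", replug_test())
    print("live move:", live_move_test())
```

In this model only the second case records a move event, because the first case has no entry left to compare against once the link has dropped.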