Virtual machine network outage after configuring Port Mirroring to physical NIC

Article ID: 437178

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • Virtual machines lose network connectivity immediately after a Port Mirroring session is enabled.
  • Physical network switches report "MAC move" or "MAC flapping" errors.
  • Layer 2 forwarding is interrupted for approximately 120 seconds as the physical switch suspends MAC learning.

Environment

VMware vSphere ESXi

Cause

This issue occurs when a Remote Mirroring Source session is configured with the following parameters:

  1. Source: A Port Group (e.g., VLAN 2079) with traffic direction set to "Both" (In/Out).
  2. Destination: A physical NIC (vmnic) connected to the same physical switch used for production traffic.
  3. Encapsulation: An Encapsulation VLAN ID is configured (e.g., VLAN 2076).

Because the mirrored traffic (containing the original VM MAC addresses) is sent out via a physical NIC to the production switch, the switch detects the same MAC addresses arriving from two different physical ports. This triggers MAC flap protection, causing the switch to stop MAC learning and drop traffic.

Resolution

To resolve this issue, ensure mirrored traffic is isolated from the production network:

  1. Change Destination: Modify the port mirror session destination to a physical NIC (vmnic) that is connected to a dedicated monitoring switch or a dedicated sniffer device.
  2. Isolate Traffic: Do not point the mirror destination to a vmnic that uplinks to the primary production business traffic switch unless that switch is specifically configured to handle mirrored traffic without MAC learning (e.g., an IDS/IPS port).
  3. Verify Configuration: To prevent loops, ensure the source and destination do not share the same physical path.
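
The three resolution checks can be run as a pre-change audit over an inventory of mirror sessions and uplinks. The following is an added example, not VMware code: the inventory layout, field names, session names and switch names are hypothetical and constructed for illustration, and the data would have to be filled in from your own records of which vmnic connects to which physical switch.

```python
# Constructed inventory. Field names are hypothetical, not a vSphere API schema.
UPLINKS = {
    "vmnic0": {"switch": "prod-sw-01", "carries_production": True},
    "vmnic1": {"switch": "prod-sw-01", "carries_production": True},
    "vmnic4": {"switch": "prod-sw-01", "carries_production": False},
    "vmnic5": {"switch": "monitor-sw-01", "carries_production": False},
}

# Constructed sessions modelled on the article's example (source VLAN 2079,
# direction "Both", encapsulation VLAN 2076).
SESSIONS = [
    {"name": "mirror-a", "type": "remote_mirroring_source", "source_vlan": 2079,
     "direction": "both", "dest_uplink": "vmnic4", "encap_vlan": 2076},
    {"name": "mirror-b", "type": "remote_mirroring_source", "source_vlan": 2079,
     "direction": "both", "dest_uplink": "vmnic0", "encap_vlan": 2076},
    {"name": "mirror-c", "type": "remote_mirroring_source", "source_vlan": 2079,
     "direction": "both", "dest_uplink": "vmnic5", "encap_vlan": 2076},
]


def audit_mirror_sessions(sessions, uplinks, no_learning_ports=frozenset()):
    """Return (session, reason) pairs for sessions that can cause MAC flapping.

    no_learning_ports: uplinks whose switch port is confirmed to accept
    mirrored traffic without MAC learning (the exception in step 2).
    """
    production_switches = {
        u["switch"] for u in uplinks.values() if u["carries_production"]
    }
    findings = []
    for s in sessions:
        if s["type"] != "remote_mirroring_source":
            continue
        dest = uplinks.get(s["dest_uplink"])
        if dest is None:
            # Cannot prove isolation for an uplink we have no record of.
            findings.append((s["name"], "destination uplink not in inventory"))
        elif dest["carries_production"]:
            # Step 3: source and destination share a physical path.
            findings.append((s["name"], "destination shares a production uplink"))
        elif (dest["switch"] in production_switches
              and s["dest_uplink"] not in no_learning_ports):
            # Steps 1 and 2: mirror lands on the production switch.
            findings.append((s["name"], "destination reaches a production switch"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_mirror_sessions(SESSIONS, UPLINKS):
        print(f"{name}: {reason}")
```
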