error : Host flapping

Unanswered Question
Nov 21st, 2007

Hi Experts ,

I was getting the error message on 4507R switches continuously which led a major outage.

1d17h: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:01:23 in vlan 33 is flapping between port Gi3/3 and port Po5

1d17h: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:01:21 in vlan 32 is flapping between port Gi3/3 and port Po5

1d17h: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:01:33 in vlan 51 is flapping between port Gi3/3 and port Po5

1d17h: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:01:35 in vlan 52 is flapping between port Gi3/3 and port Po5

1d17h: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:01:0F in vlan 15 is flapping between port Gi3/1 and port Po5

1d17h: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:01:23 in vlan 33 is flapping between port Gi3/3 and port Po5

1d17h: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:01:21 in vlan 32 is flapping between port Gi3/3 and port Po5

1d17h: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:01:33 in vlan 51 is flapping between port Gi3/3 and port Po5

Setup is as follows.

we configured HSRP between two 4507R switches and VRRP on Nortel FW.

4507R(g3/1 t0 g3/5 )-- Noretl FW(Port 0 to 4)

Ether-channel is configured between two switches i.e g1/1 & g1/2.

Vlans are configured on both 4507R and nortel FW.

Vlan 15 is access port and remaing vlans are trunk ports on switch and Nortel FW.

What could be the reason for these kind of messages.I already searched for known issue in Cisco, but nothing was found to resolve the issue.

Any help would be appreciated.

Thanks,

satish

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Jon Marshall Thu, 11/22/2007 - 00:14

Hi Satish

This looks like a Spanning Tree issue. Could you clarify that po5 is made up of ports gi3/1 - 5 ?

When you run a "sh etherchannel summary" on the 4500 what do you see.

What protocol are you using for the etherchannel connection ?

Jon

smothuku Thu, 11/22/2007 - 01:50

Hi Jon ,

Thanksk for your reply..It look likes spanning tree issue.But spanning tree is enabled on both the 4507R switches.But nothing is applied on ports..means spanning tree port fast on ports connecting to Nortel FW.

Below is the ether-channel config on both the switches.

interface Port-channel5

description ****Ether channel between 4500 *****

switchport trunk encapsulation dot1q

switchport mode trunk

switchport

interface GigabitEthernet1/1

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 5 mode on

switchport

!

interface GigabitEthernet1/2

switchport trunk encapsulation dot1q

switchport mode trunk

channel-group 5 mode on

G1/1 and G1/2 are connected back-to-back using fiber cable.

Both the switches are now off-line and will send you the sh etherchannel summary output.

config on the switches :

interface GigabitEthernet3/1

description CONNECTED TO FW-1-ETH0

switchport access vlan 15

switchport mode access

interface GigabitEthernet3/2

description CONNECTED TO FW-1-ETH1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 31

switchport mode trunk

interface GigabitEthernet3/3

description CONNECTED TO FW-1-ETH2

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 32,33,51,52

switchport mode trunk

interface GigabitEthernet3/4

description CONNECTED TO FW-1-ETH3

switchport access vlan 71

switchport mode access

These are connected to Nortel FW.

Thanks,

Satish

Jon Marshall Thu, 11/22/2007 - 02:51

Satish

The mac-address 00:00:5E.x.x.x is a multicast address. It looks like it could be something to do with your HSRP/VRRP setup. Could you provide details of exactly how it has been setup on both the Nortel FW and the 4507R.

Have you confirmed that Nortel FW fully supports 802.1Q.

Jon

glen.grant Thu, 11/22/2007 - 05:29

One other thing to check , we have seen things like when someone plugs 2 different ports together and it overwhelms the switch before spanning tree can do its job , in your case I would check ports 3/1 and 3/3 . Usually when this happens your switch can see itself on multiple ports via cdp and disable those will fix it . They could have plugged something in on 3/1 and 3/3 and bridged the vlans . What is on ports 3/1 and 3/3 ?

jarredtaylor Thu, 11/22/2007 - 07:17

Satish,

My customer has a very similar setup using dual 6500's and redundant Nokia appliances. The Nokia's use VRRP for the end networks they support (that is what you are seeing with the 0000.005e MAC's). Every night they would see this same problem. My immediate thought when I saw host flapping logs is that there must be a spanning tree loop somewhere. I looked and looked for potential loops and came up with nothing. Afterwards I found that the problem was actually that the VRRP 'hellos' were getting lost between the corresponding Nokia interfaces. In my customer's case it was happening during nightly backups when the interfaces in question were running at or near line rate. The Nokia does not prioritize these VRRP 'hellos', so each time the messages got lost the backup Nokia would take over and the switch would log the message above.

My customer was also using 802.1q trunks with multiple vlans associated with the physical interfaces in question. Also a majority of the traffic was coming in and going right back out the the same physical interface. In the case of the appliance we were using, that situation results in a maximum throughput of one half the line rate. Our solution was to bring up additional interfaces and offload some of the vlans to those interfaces.

That's a long story, but my suggestion would be to closely monitor the throughput on interfaces gig3/1 and gig3/3 and on the interfaces they connect to on the Nortel.

HTH

Albertdeng Thu, 11/22/2007 - 10:53

This issue usually happen when dual switch connect with HA (vrrp, hsrp, firewall HA), virtual MAC (for virtual ip) flapping .

smothuku Thu, 11/22/2007 - 20:37

Hi Taylor ,

Thnaks for your valuable info...We have sent the Dump taken from Nortel FW to TAC team and they suggested that load the SSI patch which was given by TAC Team.

What we are doing in our setup is we are connecting switch ports and FW ports one by one without waiting for few min. before connecting next port on both ends.

If i disable CDP enable on particular interfaces it may stop these kind of messages.

But we had a worst time last week when both the devices were been working for 4 hours during downtime...Later on FW stopped working and led to major outage.

FW was not allowing FTP , Telnet and other services except ping and trace route.

Any any policy is there in FW.We don't have any other policy on Nortel FW.still we faced unforgettable issue.

Thanks a lot once agian for your kind info.

why Nortel is not taking care about these kind of issues before delivery of new products.

Thanks,

satish

smothuku Sun, 01/20/2008 - 22:11

Dear Experts ,

last week end we were planning to put the nortel FW's into production.

We were getting the following message on switches after terminating nortel FW's on the switches.

1w0d: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:01:0F in vlan 15 is flapping between port Gi3/1 and port Po5ping 19

1w0d: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:00:00:FE:21 in vlan 15 is flapping between port Po5 and port Gi3/1

setup is as follows.

noter FW1(port4-sync)----(port 4)nortel FW2 .

| |

4507R sw1 (HSRP & Etherchannel)4507Rsw2

Vlan 15 is defined on both switches.

Vlan 31 , 32 ,33,51 and 52 are deifned on nortel FW.

Valn 15 port is access port and remaining are trunk ports.

Both FW's are in sync i.e port 4 is connected back to back.

I've noticed that 1. When ether-channel is up , we are getting the hostflapping messages and we are not able to ping to FW2 from any any of the Switches.Not even from FW1.

2.If i shut down the port-channel , then FW1 is able to reach from sw1 and fw2 from sw2.

We were not getting the messages.

Whenever port channel is coming into picture at that time we are facing this problem.

Any help would be appreciated.

Thanks.

satish

hi

I'm living the same problem;

4:45.279 GMT: %C4K_EBM-4-HOSTFLAPPING: Host 00:1C:A8:A7:6E:08 in vlan 9 is flapping between port Gi6/33 and port Gi6/6

805260: *Feb  1 02:24:46.435 GMT: %C4K_EBM-4-HOSTFLAPPING: Host 04:0C:CE:A8:06:0D in vlan 9 is flapping between port Gi6/9 and port Gi6/33

805261: *Feb  1 02:24:49.023 GMT: %C4K_EBM-4-HOSTFLAPPING: Host D0:DF:9A:51:75:BC in vlan 9 is flapping between port Gi6/6 and port Gi6/33

805262: *Feb  1 02:24:49.155 GMT: %C4K_EBM-4-HOSTFLAPPING: Host D8:9E:3F:76:75:F9 in vlan 9 is flapping between port Gi6/15 and port Gi6/33

805263: *Feb  1 02:24:51.023 GMT: %C4K_EBM-4-HOSTFLAPPING: Host E0:CA:94:09:AD:50 in vlan 9 is flapping between port Gi6/33 and port Gi6/6

805264: *Feb  1 02:24:51.579 GMT: %C4K_EBM-4-HOSTFLAPPING: Host E4:E0:C5:0B:4D:25 in vlan 9 is flapping between port Gi6/33 and port Gi6/6

805265: *Feb  1 02:24:52.011 GMT: %C4K_EBM-4-HOSTFLAPPING: Host E4:E0:C5:0B:4D:25 in vlan 9 is flapping between port Gi6/33 and port Gi6/6

805266: *Feb  1 02:24:53.931 GMT: %C4K_EBM-4-HOSTFLAPPING: Host 8C:64:22:18:43:28 in vlan 9 is flapping between port Gi6/33 and port Po1

805267: *Feb  1 02:24:56.371 GMT: %C4K_EBM-4-HOSTFLAPPING: Host 40:5F:BE:F1:46:D9 in vlan 9 is flapping between port Gi6/33 and port Gi6/6

805268: *Feb  1 02:24:57.743 GMT: %C4K_EBM-4-HOSTFLAPPING: Host 00:1B:0C:99:26:3F in vlan 9 is flapping between port Po1 and port Gi6/33

805269: *Feb  1 02:24:57.891 GMT: %C4K_EBM-4-HOSTFLAPPING: Host 1C:65:9D:ED:7C:84 in vlan 9 is flapping between port Gi6/33 and port Gi6/6

805270: *Feb  1 02:24:59.347 GMT: %C4K_EBM-4-HOSTFLAPPING: Host D0:DF:9A:51:75:BC in vlan 9 is flapping between port Gi6/6 and port Gi6/33

805271: *Feb  1 02:25:01.759 GMT: %C4K_EBM-4-HOSTFLAPPING: Host 00:24:9F:59:76:03 in vlan 9 is flapping between port Gi6/21 and port Gi6/11

805272: *Feb  1 02:25:02.511 GMT: %C4K_EBM-4-HOSTFLAPPING: Host 4C:0F:6E:95:B7:8F in vlan 9 is flapping between port Gi6/33 and port Gi6/6 

Have learned about how to solve the

duraicisco123 Mon, 09/17/2012 - 17:40

I am also facing the same issue.. Need any troubleshooting steps..

015827: Sep 17 21:07:45.231: %C4K_EBM-4-HOSTFLAPPING: Host 00:15:60:53:6B:FB in vlan 100 is flapping between port Po1 and port Gi3/4

015828: Sep 17 21:15:00.236: %C4K_EBM-4-HOSTFLAPPING: Host 00:15:60:53:6B:FB in vlan 100 is flapping between port Gi3/4 and port Po1

Current configuration : 329 bytes

!

interface Port-channel1

switchport

switchport access vlan 3

switchport trunk native vlan 3

switchport trunk allowed vlan 3-5,45,99-101,201,254,255,400-402,501,662,666

switchport mode dynamic desirable

logging event link-status

no snmp trap link-status

end

Current configuration : 312 bytes

!

interface Vlan100

ip address 130.172.28.2 255.255.254.0

no ip redirects

no ip unreachables

no ip proxy-arp

no snmp trap link-status

standby 10 ip 130.172.28.1

standby 10 priority 110

standby 10 preempt delay minimum 300

standby 10 authentication Vlan100

end

!

interface GigabitEthernet3/4

switchport access vlan 4

switchport trunk native vlan 998

switchport trunk allowed vlan 4,100,662,666,998

switchport mode dynamic desirable

logging event link-status

end

Primary Switch:

h mac-address-table address 0015.6053.6bfb

Unicast Entries

vlan   mac address     type        protocols               port

-------+---------------+--------+---------------------+--------------------

100    0015.6053.6bfb   dynamic ip                    GigabitEthernet3/4

Secondary Switch:

sh mac-address-table address 0015.6053.6bfb

Unicast Entries

vlan   mac address     type        protocols               port

-------+---------------+--------+---------------------+--------------------

100    0015.6053.6bfb   dynamic ip,other              Port-channel1

401    0015.6053.6bfb   dynamic other                 Port-channel1

Actions

This Discussion