I'm managing a small network (SERVER + 20 wifi AP + 7 computers) using two Cisco Catalyst 2960 and a CISCO router to which I have no access.
Few weeks we have changed our Wifi infrastructure (new Airlive devices) and connected them directly to one of these CISCO-s. The error I am receiving all the time is :
Description: Host xxxx.xxxx.xxxx in vlan 1 is flapping between port Fa0/48 and port Fa0/23
Explanation: not available
Recommended Action: not available
It is apperaing almost all the time. I tried changing the channels on the Ap-s to those with minimum overlap but it didn' help.
Hope you guys can figure this out
Grateful in advance,
The switch is telling you that a station with a particular MAC address appears to be connected to both ports Fa0/23 and Fa0/48. It knows that by receiving frames with the same sender MAC through both these ports. Something like that is not possible in a correctly connected and configured network.
Frankly, without knowing your topology and knowing to whom does the offending MAC address belong, it is hard to guide you exactly. However, you should check for any switching loops in your network that may result in a frame circulating and being flooded to several ports. Make sure what is the device with the particular MAC address, and verify how is it possible that its frames are received both by Fa0/23 and Fa0/48 on your switch. Understanding how can a single station send frames received by several ports on your switch is probably the key to solving your issue.
Modifying the WiFi channels probably won't help here. The channels have no direct influence on which path does a particular frame take.
Does this problem appear for only a single MAC address, or are there multiple MAC addresses reported as flapping?
I'm sorry for not letting you know the Topology of the network, but i received management of the network few weeks ago so we're sorting things out right now because the engineers before didn't do their job well.
I also may add that WLAN roaming is configured in the building with the same SSID but different channels.
There are various MAC addresses appearing in the warnings which made us think that the Wifi clients might be the problem.
Also, I did a little research and found out this: https://supportforums.cisco.com/thread/331938
For now I am unable to physically track down the device but I'll be able to do it in the next few days.
The roaming of wireless client could of course be at the core cause of your problem - the question is whether the switchports visible in the logs are connected to access points. It is also worth verifying why should a particular wireless client roam so often as to trigger the flapping message.
thank you for your help. As soon as it is possible I'll try to track down the devices by their MAC-s.
I am assuming that the two ports in question FA 0/48 and FA 0/23 are connected to two access points. If that assumption is correct, then the issue is with one of your clients changing between the adjacent access points to get better service. Typically wireless clients keep scanning the wireless infrastructure to see which AP can provide better service (load balancing on the wireless network). When they determine that the adjacent AP has less load, they associate with that AP. Each time the client associates with a new client, the AP has to send that MAC to the switch as well. So, if the switch sees this MAC address getting registered between multiple ports more frequently (beyond the threshold), then it will report it as a MAC flap issue. The notification is to ensure that, as an administrator, you take note of the flapping and check for any loops. If the MAC address is part of the wireless client set, then you can conveniently ignore the message or ensure that the load balancing feature is turned off.
Hope this helps.
A very nice wrap up. Do you know what are the thresholds for MAC flaps that trigger the log message Mate is seeing? I made a brief sketch over the documentation but I did not find any exact values.
Today we checked the network for loops and find none. The flapping errors are appearing again between multiple ports. We even changed the switch to another Cisco device, but nothing changed.
The interesting thing we spotted is that if we restart the Cisco device it works perfectly within about 10 minutes, but after that we start losing some AP-s cyclicaly. They're working, the next moment they're down again. At the same time green LED-s start blinking very on all the connected ports.
Is there any chance this could be virus related?
We are even suspicous on the overheating of the AP-s (they're pretty hot after fer hours of work).
Thankful in advance,
Are you seeing the interface flapping or just the MAC flapping? Are the ports that are in the MAC flap messages connect to access points that are adjacent to each other in the same geographic area? Would it be possible for you to turn of couple of those access points and see if that solves the issue? Also, can you see if the MAC flap is happening with specific MAC addresses? May be that those clients have configured their wireless card to have highest roaming agressiveness.
Hope this helps.
From the discussion i understand that you are recieving MAC flap errors on the switch after you chnaged the WiFi infrastructure.
In some cases with the APs installed in the network some amount of MAC flpas are expected when the wireless clients roam.
Please let me know the impact of this kind of MAC flap on your network.
Please rate if you find it useful
This problem is generally becuse of uplink from switchA having looping problem ,When it connects to Switch B.
It is better to check the redundency configs in switch A .