The small/medium manufacturing company I work for has address flapping on our Cisco 4507. Our network is a very simple star configuration with only the core switch, a Cisco 4507, and access switches that are Cisco 2950 or Cisco 2900XL. Single strands of copper or fiber run from each access switch to the core.

We have recently deployed a McAfee Secure Internet Gateway v4.5 (3200) appliance. Since its deployment we have been getting the following flapping messages.

Description: Host 00:90:27:73:58:55 in vlan 1 is flapping between port Gi4/16 and port Gi3/26

Explanation: not available

Recommended Action: not available


There are 20 to 30 of these messages in a typical 24-hour period. The host MAC and one port change, but the constant is port Gi3/26. This also happens to be the port that the McAfee gateway device is attached to. I am certain that we have no spanning tree or cabling errors.

Any ideas on how to correct this?

Hi, I read your post and the errors are generated by vlan1 flapping; once the vlan goes through its learning, listening and forwarding modes, spanning tree should keep the vlan active. The host MAC address being learned on two gigabit interfaces sounds like a possible spanning tree loop. Is spanning tree enabled? Check your network topology and trace gig interfaces Gi4/16 and Gi3/26.

Here is what Cisco has to say about that error message. HTH


1. %C4K_EBM-4-HOSTFLAPPING: Host [mac-addr] in vlan [dec] is flapping between port [char] and port [char]

The specified host is detected as a source address on multiple ports. Typically, a host is supposed to be learned on only one port. A spanning tree loop is the most common cause of this condition. All traffic from the specified host is temporarily dropped. After 15 seconds, forwarding is reenabled. If the problem persists, the traffic from the problem host continues to be dropped indefinitely.

Recommended Action: Make sure that spanning tree is enabled to prevent spanning tree loops. If you have spanning tree disabled, make sure that you have no spanning tree loops in your network.

Common Issues with Catalyst 4500 Switches that Run Cisco IOS Software

Spanning tree is enabled: "spanning-tree mode pvst"

I should have been clearer. The McAfee appliance is running in transparent bridge mode. What I suspect is that some packets are traversing the network, passing through the McAfee appliance, hitting the firewall, and being routed back in. When they appear from the McAfee gateway back onto the switch, the switch does what switches do and creates a MAC address entry, because the packet source is the port it just appeared from.

It appears that the appliance isn't running in a true transparent mode. Or is there some other configuration that needs to happen on a Cisco IOS device when a transparent appliance is present?
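
The observation in the thread, that the MAC and one port change while Gi3/26 stays constant, can be checked mechanically over a day's worth of messages. The following is an added example (not from the thread or from Cisco) that parses the message format quoted above and reports which port appears in every flap event; the function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter, defaultdict

# Matches the "Description:" report line and the raw
# %C4K_EBM-4-HOSTFLAPPING message text quoted in the thread.
FLAP_RE = re.compile(
    r"Host\s+(?P<mac>[0-9A-Fa-f.:\-]{12,17})\s+in vlan\s+(?P<vlan>\d+)\s+"
    r"is flapping between port\s+(?P<a>\S+)\s+and port\s+(?P<b>\S+)"
)

def parse_flaps(lines):
    """Return one (mac, vlan, frozenset of the two ports) tuple per flap event."""
    events = []
    for line in lines:
        m = FLAP_RE.search(line)
        if m:  # non-matching lines (e.g. "Explanation: ...") are skipped
            events.append((m["mac"].lower(), int(m["vlan"]),
                           frozenset((m["a"], m["b"]))))
    return events

def summarize(events):
    """Count events per port, collect MACs per port, find ports in every event."""
    per_port = Counter(p for _, _, ports in events for p in ports)
    macs_by_port = defaultdict(set)
    for mac, _, ports in events:
        for p in ports:
            macs_by_port[p].add(mac)
    common = set.intersection(*(set(p) for _, _, p in events)) if events else set()
    return per_port, macs_by_port, common

# First line is the message from the thread; the rest are constructed samples
# using MACs from the IANA documentation range.
SAMPLE = [
    "Description: Host 00:90:27:73:58:55 in vlan 1 is flapping between port Gi4/16 and port Gi3/26",
    "%C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:53:01 in vlan 1 is flapping between port Gi3/26 and port Gi5/2",
    "%C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:53:02 in vlan 1 is flapping between port Gi2/7 and port Gi3/26",
    "Explanation: not available",
]

if __name__ == "__main__":
    per_port, macs_by_port, common = summarize(parse_flaps(SAMPLE))
    for port, count in per_port.most_common():
        print(f"{port}: {count} events, {len(macs_by_port[port])} distinct MACs")
    print("Port(s) present in every event:", sorted(common))
```

A single port that appears in every event with many distinct MACs points at whatever is attached to that port rather than at any one host.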

