11-27-2008 11:29 PM - edited 03-06-2019 02:42 AM
Hi,
We have 6509 as backbone, 4948G as server swithces and 3560 as client switches. Yesterday 4548G switches did not work for two minutes. And produces that log:
Nov 27 14:00:46.113 TURKEY: %C4K_EBM-4-HOSTFLAPPING: Host 00:0C:6E:6E:F9:15 in vlan 106 is flapping between port Te1/49 and port Gi1/32
Every 4584G switch generated these hostflaping log. When i checked the error, cisco says: his error message appears on the switch when the switch detects the specified host address as a source address on multiple ports.
Te1/49 is trunk link to backbone(6509) and G1/32 is the of the server whose mac address is 00:0C:6E:6E:F9:15. So i understand that that mac adress advetised by another switch and then 4948 switch generated this log.
How can i find, which switch is producing this problem.
11-28-2008 12:16 AM
check on which port this Host 00:0C:6E:6E:F9:15 is connected to. i had a similar problem before and found out that the host has two interface connected to the same switch. Make sure your STP works well.
11-28-2008 01:08 AM
There are lots of mac address like 00:0C:6E:6E:F9:15. This mac address is one of them. STP works well. Our system has been working for one year and we had no problem.
11-28-2008 09:26 AM
Someone looped a connection somewhere on vlan 106 and probably 106 is trunked to multiple switches . Sometimes you can use cdp neighbor and you will see multiple port where the switch actual see's itself as a neighbor . If the messages have stopped and the loop is gone you will have a hard time finding where it was . I would still hunt down that mac address , its probably in the arp table of the l3 device and then do a show mac to see where the device is that it is hooked to .
11-28-2008 09:34 AM
i totally agree with Glens observation of a loop.I faced such an issue when we had a physical loop, which sometimes may not n=be detected by the cisco switches ,if the loops are created by a thirdparty switch which wont send BPDU's. So best way to trouble shoot this issue is to find out whether you have added any thirdparty switch added in recent days in ur network or u have done any physical changes recently.That may help u to find the culprit.
Ullas
11-28-2008 11:03 AM
Thank you for the response. the thing is only 4500 affected, we have 10 of them, only 4500 switches effected from this. Why 3560s or 6509s not effected or not created any trap?
We disable all cdps for security reasons. is that possible to only enable on trunk ports?
we have esx servers which have trunk connections to switches. do esx servers can create loops?
12-01-2008 07:23 AM
Hi
Enabling CDP only on trunk ports wont help in detecting the loops in this scenario.
Ullas
12-01-2008 07:29 AM
so,
how can i understand where the loop is?
12-01-2008 08:01 AM
Loop detection is not always easy if we dont understand the physical topology.If you know the physical topology well ,the identfy the root bridge and find the up link trunks from it to all non root bridges. See for any inconsistent ports . See for more uplink paths to the root brige than the usual ones.
A good document which explains the whole process follows
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800951ac.shtml
HTH
Ullas
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide