cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1579
Views
0
Helpful
3
Replies
Highlighted
Beginner

%C4K_EBM-4-HOSTFLAPPING on 4507

Good morning, I have a 4507.  Two weeks ago the network started to drop in and out and the diagnostic log showed  %C4K_EBM-4-HOSTFLAPPING and it showed flapping between multiple ports with multiple mac addresses. 

We replaced the switch with a spare 4507 we had on hand.  A week later the same thing happened. 

This time I unplugged the flapping ports, the network began to act normal and I plugged back in everything to the 4507 except for two access layer switches which were doing the bulk of the flapping.  I redirected what was plugged into the two access layer switches which were taken offline into other access layer switches where I found available space.

Any idea why this is happening and what is the triggering event?  One of the access layer switches I took offline was plugged into another access layer switch, which is a mistake and I removed the cable wondering if this was causing the loop. 

STP is on the switch, when this happens it seems to effect the two access layer switches, and some server that have dual nics.  i understand with dual nics the switch can see the same mac address in two different locations, but it's always been set up this way and spanning tree normally prevents loops, besides these two events.

I'm concerned this may happen again, can anyone help me understand why this is happening?

3 REPLIES 3
Highlighted
Cisco Employee

Re: %C4K_EBM-4-HOSTFLAPPING on 4507

Hi,

first of all let me tell that starting the troubleshooting of a problem with a hardware replacement is never a good idea... confirmation is that the same message popped up on another device few days after.

First thing you need to understand what the message is about and put it in your context.

The message you see is pretty much selfexplanatory and gives lots of  important info.

Its syntax is "%C4K_EBM-4-HOSTFLAPPING:Host [mac-addr] in vlan [dec] is flapping between port [char] and port [char]"

By comparing all the messages of the same type you should be able to:

1. Check whether the MAC address which is flapping is always the same or there are more

2. which vlan is involved

3. which port(s) is involved.

This info is much important as if you see multiple mac addresses flapping on multiple vlans on multiple ports you might start suspecting that you have a STP loop in your network and apply a troubleshooting approach meant to identify that.

If on the contrary you see the same address (or the same few ones) flapping in the same vlan on the same physical ports you might focus on those specific hosts and understand how they are connected to your network and why you see them on 2 (or more) paths.

Good informative link is the following TAC one:

https://www.ciscotaccc.com/kaidara-advisor/lanswitching/showcase?case=K12001084

You should start checking it out.

Also, at the end of your post you wrote that you are somehow identified a server with dual NICs. Do the flapping mac addresses belong to that server?

If yes, and the server is in dual-active mode sending traffic from the same mac what you see is expected. The fact that the servers was always connected the same way is not important. Do you manage that server? Are you 100% sure that nobody changed the way LB is achieved on it? Nobody changed software? These are the questions you need to answer as first thing.

After all the message is just informative as it is just telling you that an address that was previously learnt from a port has been seen from another. It is up to you understanding if this is expected or not and again you should not replace hardware like this.

Riccardo

Highlighted
Beginner

%C4K_EBM-4-HOSTFLAPPING on 4507

Thank you for your reply.  The messages were about multiple mac addresses on multiple ports.  With two ports specifically being the most frequent.  I don't think the dual nics is a problem because our servers have always had dual nics.  We recently installed an ip phone system.  When laying out phones some co-workers and I cross-connected these phones in our network room from their patch panel ports to access layer switches.  When reviewing the cross-connects of one of the switches that was  plugged into a flapping ports I noticed one of the cables was going from switch to switch, not switch to patch panel.  This was done in error.  Could this have cause this problem?

Highlighted
Cisco Employee

%C4K_EBM-4-HOSTFLAPPING on 4507

I don't think so. Switches are interconnected either directly or via patch panels.

The questions would be "how were they exactly connected?" - " Is STP correctly enabled?" and so on.

If multiple ports/MAC addresses were involved likely your network encountered a L2 loop.

CreatePlease to create content
Content for Community-Ad