11-21-2007 08:38 PM - edited 03-05-2019 07:34 PM
Hi Experts ,
I was getting the error message on 4507R switches continuously which led a major outage.
1d17h: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:01:23 in vlan 33 is flapping between port Gi3/3 and port Po5
1d17h: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:01:21 in vlan 32 is flapping between port Gi3/3 and port Po5
1d17h: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:01:33 in vlan 51 is flapping between port Gi3/3 and port Po5
1d17h: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:01:35 in vlan 52 is flapping between port Gi3/3 and port Po5
1d17h: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:01:0F in vlan 15 is flapping between port Gi3/1 and port Po5
1d17h: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:01:23 in vlan 33 is flapping between port Gi3/3 and port Po5
1d17h: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:01:21 in vlan 32 is flapping between port Gi3/3 and port Po5
1d17h: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:01:33 in vlan 51 is flapping between port Gi3/3 and port Po5
Setup is as follows.
we configured HSRP between two 4507R switches and VRRP on Nortel FW.
4507R(g3/1 t0 g3/5 )-- Noretl FW(Port 0 to 4)
Ether-channel is configured between two switches i.e g1/1 & g1/2.
Vlans are configured on both 4507R and nortel FW.
Vlan 15 is access port and remaing vlans are trunk ports on switch and Nortel FW.
What could be the reason for these kind of messages.I already searched for known issue in Cisco, but nothing was found to resolve the issue.
Any help would be appreciated.
Thanks,
satish
11-22-2007 12:14 AM
Hi Satish
This looks like a Spanning Tree issue. Could you clarify that po5 is made up of ports gi3/1 - 5 ?
When you run a "sh etherchannel summary" on the 4500 what do you see.
What protocol are you using for the etherchannel connection ?
Jon
11-22-2007 01:50 AM
Hi Jon ,
Thanksk for your reply..It look likes spanning tree issue.But spanning tree is enabled on both the 4507R switches.But nothing is applied on ports..means spanning tree port fast on ports connecting to Nortel FW.
Below is the ether-channel config on both the switches.
interface Port-channel5
description ****Ether channel between 4500 *****
switchport trunk encapsulation dot1q
switchport mode trunk
switchport
interface GigabitEthernet1/1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 5 mode on
switchport
!
interface GigabitEthernet1/2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 5 mode on
G1/1 and G1/2 are connected back-to-back using fiber cable.
Both the switches are now off-line and will send you the sh etherchannel summary output.
config on the switches :
interface GigabitEthernet3/1
description CONNECTED TO FW-1-ETH0
switchport access vlan 15
switchport mode access
interface GigabitEthernet3/2
description CONNECTED TO FW-1-ETH1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 31
switchport mode trunk
interface GigabitEthernet3/3
description CONNECTED TO FW-1-ETH2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 32,33,51,52
switchport mode trunk
interface GigabitEthernet3/4
description CONNECTED TO FW-1-ETH3
switchport access vlan 71
switchport mode access
These are connected to Nortel FW.
Thanks,
Satish
11-22-2007 02:21 AM
11-22-2007 02:51 AM
Satish
The mac-address 00:00:5E.x.x.x is a multicast address. It looks like it could be something to do with your HSRP/VRRP setup. Could you provide details of exactly how it has been setup on both the Nortel FW and the 4507R.
Have you confirmed that Nortel FW fully supports 802.1Q.
Jon
11-22-2007 05:29 AM
One other thing to check , we have seen things like when someone plugs 2 different ports together and it overwhelms the switch before spanning tree can do its job , in your case I would check ports 3/1 and 3/3 . Usually when this happens your switch can see itself on multiple ports via cdp and disable those will fix it . They could have plugged something in on 3/1 and 3/3 and bridged the vlans . What is on ports 3/1 and 3/3 ?
11-22-2007 07:17 AM
Satish,
My customer has a very similar setup using dual 6500's and redundant Nokia appliances. The Nokia's use VRRP for the end networks they support (that is what you are seeing with the 0000.005e MAC's). Every night they would see this same problem. My immediate thought when I saw host flapping logs is that there must be a spanning tree loop somewhere. I looked and looked for potential loops and came up with nothing. Afterwards I found that the problem was actually that the VRRP 'hellos' were getting lost between the corresponding Nokia interfaces. In my customer's case it was happening during nightly backups when the interfaces in question were running at or near line rate. The Nokia does not prioritize these VRRP 'hellos', so each time the messages got lost the backup Nokia would take over and the switch would log the message above.
My customer was also using 802.1q trunks with multiple vlans associated with the physical interfaces in question. Also a majority of the traffic was coming in and going right back out the the same physical interface. In the case of the appliance we were using, that situation results in a maximum throughput of one half the line rate. Our solution was to bring up additional interfaces and offload some of the vlans to those interfaces.
That's a long story, but my suggestion would be to closely monitor the throughput on interfaces gig3/1 and gig3/3 and on the interfaces they connect to on the Nortel.
HTH
11-22-2007 10:53 AM
This issue usually happen when dual switch connect with HA (vrrp, hsrp, firewall HA), virtual MAC (for virtual ip) flapping .
11-22-2007 08:37 PM
Hi Taylor ,
Thnaks for your valuable info...We have sent the Dump taken from Nortel FW to TAC team and they suggested that load the SSI patch which was given by TAC Team.
What we are doing in our setup is we are connecting switch ports and FW ports one by one without waiting for few min. before connecting next port on both ends.
If i disable CDP enable on particular interfaces it may stop these kind of messages.
But we had a worst time last week when both the devices were been working for 4 hours during downtime...Later on FW stopped working and led to major outage.
FW was not allowing FTP , Telnet and other services except ping and trace route.
Any any policy is there in FW.We don't have any other policy on Nortel FW.still we faced unforgettable issue.
Thanks a lot once agian for your kind info.
why Nortel is not taking care about these kind of issues before delivery of new products.
Thanks,
satish
01-20-2008 10:11 PM
Dear Experts ,
last week end we were planning to put the nortel FW's into production.
We were getting the following message on switches after terminating nortel FW's on the switches.
1w0d: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:5E:00:01:0F in vlan 15 is flapping between port Gi3/1 and port Po5ping 19
1w0d: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:00:00:FE:21 in vlan 15 is flapping between port Po5 and port Gi3/1
setup is as follows.
noter FW1(port4-sync)----(port 4)nortel FW2 .
| |
4507R sw1 (HSRP & Etherchannel)4507Rsw2
Vlan 15 is defined on both switches.
Vlan 31 , 32 ,33,51 and 52 are deifned on nortel FW.
Valn 15 port is access port and remaining are trunk ports.
Both FW's are in sync i.e port 4 is connected back to back.
I've noticed that 1. When ether-channel is up , we are getting the hostflapping messages and we are not able to ping to FW2 from any any of the Switches.Not even from FW1.
2.If i shut down the port-channel , then FW1 is able to reach from sw1 and fw2 from sw2.
We were not getting the messages.
Whenever port channel is coming into picture at that time we are facing this problem.
Any help would be appreciated.
Thanks.
satish
04-15-2010 01:29 AM
Did you manage to sort out the issue?
With regards,
Shailesh
02-01-2012 02:25 AM
hi
I'm living the same problem;
4:45.279 GMT: %C4K_EBM-4-HOSTFLAPPING: Host 00:1C:A8:A7:6E:08 in vlan 9 is flapping between port Gi6/33 and port Gi6/6
805260: *Feb 1 02:24:46.435 GMT: %C4K_EBM-4-HOSTFLAPPING: Host 04:0C:CE:A8:06:0D in vlan 9 is flapping between port Gi6/9 and port Gi6/33
805261: *Feb 1 02:24:49.023 GMT: %C4K_EBM-4-HOSTFLAPPING: Host D0:DF:9A:51:75:BC in vlan 9 is flapping between port Gi6/6 and port Gi6/33
805262: *Feb 1 02:24:49.155 GMT: %C4K_EBM-4-HOSTFLAPPING: Host D8:9E:3F:76:75:F9 in vlan 9 is flapping between port Gi6/15 and port Gi6/33
805263: *Feb 1 02:24:51.023 GMT: %C4K_EBM-4-HOSTFLAPPING: Host E0:CA:94:09:AD:50 in vlan 9 is flapping between port Gi6/33 and port Gi6/6
805264: *Feb 1 02:24:51.579 GMT: %C4K_EBM-4-HOSTFLAPPING: Host E4:E0:C5:0B:4D:25 in vlan 9 is flapping between port Gi6/33 and port Gi6/6
805265: *Feb 1 02:24:52.011 GMT: %C4K_EBM-4-HOSTFLAPPING: Host E4:E0:C5:0B:4D:25 in vlan 9 is flapping between port Gi6/33 and port Gi6/6
805266: *Feb 1 02:24:53.931 GMT: %C4K_EBM-4-HOSTFLAPPING: Host 8C:64:22:18:43:28 in vlan 9 is flapping between port Gi6/33 and port Po1
805267: *Feb 1 02:24:56.371 GMT: %C4K_EBM-4-HOSTFLAPPING: Host 40:5F:BE:F1:46:D9 in vlan 9 is flapping between port Gi6/33 and port Gi6/6
805268: *Feb 1 02:24:57.743 GMT: %C4K_EBM-4-HOSTFLAPPING: Host 00:1B:0C:99:26:3F in vlan 9 is flapping between port Po1 and port Gi6/33
805269: *Feb 1 02:24:57.891 GMT: %C4K_EBM-4-HOSTFLAPPING: Host 1C:65:9D:ED:7C:84 in vlan 9 is flapping between port Gi6/33 and port Gi6/6
805270: *Feb 1 02:24:59.347 GMT: %C4K_EBM-4-HOSTFLAPPING: Host D0:DF:9A:51:75:BC in vlan 9 is flapping between port Gi6/6 and port Gi6/33
805271: *Feb 1 02:25:01.759 GMT: %C4K_EBM-4-HOSTFLAPPING: Host 00:24:9F:59:76:03 in vlan 9 is flapping between port Gi6/21 and port Gi6/11
805272: *Feb 1 02:25:02.511 GMT: %C4K_EBM-4-HOSTFLAPPING: Host 4C:0F:6E:95:B7:8F in vlan 9 is flapping between port Gi6/33 and port Gi6/6
Have learned about how to solve the
09-17-2012 05:40 PM
I am also facing the same issue.. Need any troubleshooting steps..
015827: Sep 17 21:07:45.231: %C4K_EBM-4-HOSTFLAPPING: Host 00:15:60:53:6B:FB in vlan 100 is flapping between port Po1 and port Gi3/4
015828: Sep 17 21:15:00.236: %C4K_EBM-4-HOSTFLAPPING: Host 00:15:60:53:6B:FB in vlan 100 is flapping between port Gi3/4 and port Po1
Current configuration : 329 bytes
!
interface Port-channel1
switchport
switchport access vlan 3
switchport trunk native vlan 3
switchport trunk allowed vlan 3-5,45,99-101,201,254,255,400-402,501,662,666
switchport mode dynamic desirable
logging event link-status
no snmp trap link-status
end
Current configuration : 312 bytes
!
interface Vlan100
ip address 130.172.28.2 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
no snmp trap link-status
standby 10 ip 130.172.28.1
standby 10 priority 110
standby 10 preempt delay minimum 300
standby 10 authentication Vlan100
end
!
interface GigabitEthernet3/4
switchport access vlan 4
switchport trunk native vlan 998
switchport trunk allowed vlan 4,100,662,666,998
switchport mode dynamic desirable
logging event link-status
end
Primary Switch:
h mac-address-table address 0015.6053.6bfb
Unicast Entries
vlan mac address type protocols port
-------+---------------+--------+---------------------+--------------------
100 0015.6053.6bfb dynamic ip GigabitEthernet3/4
Secondary Switch:
sh mac-address-table address 0015.6053.6bfb
Unicast Entries
vlan mac address type protocols port
-------+---------------+--------+---------------------+--------------------
100 0015.6053.6bfb dynamic ip,other Port-channel1
401 0015.6053.6bfb dynamic other Port-channel1
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide