Every now and then I encouter mac flap entries in my log files.
001360: Sep 16 12:33:00.020: %SW_MATM-4-MACFLAP_NOTIF: Host 0023.33b0.ae60 in vlan 11 is flapping between port Gi3/0/4 and port Gi1/0/49
001361: Sep 16 12:33:00.457: %SW_MATM-4-MACFLAP_NOTIF: Host 0022.19c9.ab45 in vlan 11 is flapping between port Gi3/0/4 and port Gi1/0/10
001362: Sep 16 12:33:00.515: %SW_MATM-4-MACFLAP_NOTIF: Host 001f.2921.3a5e in vlan 11 is flapping between port Gi3/0/4 and port Gi2/0/11
001363: Sep 16 12:33:00.557: %SW_MATM-4-MACFLAP_NOTIF: Host 0013.21ec.c754 in vlan 11 is flapping between port Gi3/0/4 and port Gi2/0/2
001364: Sep 16 12:33:01.463: %SW_MATM-4-MACFLAP_NOTIF: Host 001b.38f1.5aa2 in vlan 11 is flapping between port Gi3/0/4 and port Gi3/0/3
001365: Sep 16 12:33:01.707: %SW_MATM-4-MACFLAP_NOTIF: Host 000d.9d8e.c17c in vlan 11 is flapping between port Gi3/0/4 and port Gi3/0/6
Port 1/0/49 goes to my router. Port 1/0/10 is an access port, Ports 2/0/2, 2/0/11, 3/0/3, and 3/0/6 each trunk to a 3560 switch over fiber. Port 3/0/4 goes to a 3560 switch located in the equipment room of my communication tower. None of the other switches have any wireless and there are no redudant links between any of these devices.
Are you sure that spanning tree is correctly configured on your network? I have seen this type of issue with flapping between devices/switches when there is a loop in the network and spanning tree is jacked up.
Actually I think I figured it out. This is a a result of one of my wireless links going down momentarily, in this case my PTP 600 Backhaul module. In this case the connection between the bridge and switch never goes down. Since the canopies are transparent bridges the Cisco switch only sees the switch on the other end and is in a trunking state. When the wireless connection is lost the switchport will no longer be in a trunking state and spanning-tree begins to re-converge but the switchport is still up with all of its learned dynamic mac addresses. In this process the packets outbound on the wireless switchport will in escence go backwords out of the port trying to find another path causing the switchport to learn their mac address on the former trunk port. Thus we get mac addresses on two different ports.
This used to happen a lot, especially with Symbol access points.
The issue is when a client roams from AP1's area to AP2's area, the APs are not handing off the client cleanly, such that the switch sees the same client in two domains.
You might be able to configure the APs for a cleaner handoff, or the clients for a snappier transition threshold. Or maybe there is a firmware update available for the switch or APs (or clients) or all of the above.