Spanning tree is enabled "spanning-tree mode pvst" I should have been clearer. The McAfee appliance is running in transparent bridge mode. What I suspect is that some packets are traversing the network passing through the McAfee appliance hitting the firewall and are being routed back in. When they appear from the McAfee gateway back onto the switch the switch does what switches do and creates a mac addresses entry because the packet source is the port it just appeared from. It appears that the appliance isn't running in a true transparent mode. Or is there some other configuration that needs to happen on a Cisco IOS device when a transparent appliance is present?
... View more
The small/medium manufacturing company I work for has address flapping on our Cisco 4507. Our network is a very simple star configuration with only the core switch, Cisco 4507, and access switches of Cisco 2950 or Cisco 2900xl. Single strands of copper or fiber to each access switch to the core. We have recently deployed a McAfee Secure Internet Gateway v4.5 (3200) appliance. Since its deployment we have been getting the following flapping messages. Description: Host 00:90:27:73:58:55 in vlan 1 is flapping between port Gi4/16 and port Gi3/26 Explanation: not available Recommended Action: not available Type: C4K_EBM-4-HOSTFLAPPING There are 20 to 30 of these messages in a typical 24 hour period. The host mac and one port change but the constant is port Gi3/26. This also happens to be the port that the McAfee gateway device is attached to. I am certain that we have no spanning tree or cabling errors. Any ideas on how to correct this?
... View more