05-08-2019 05:35 PM - edited 07-05-2021 10:21 AM
Hello All
I am wondering if Mac flapping can happen when user move to another location in same office
we are using WLC and 3502, also 3802i APs
I can see Mac flapping log between two APs in serval sites but most sites are not
my question is
1. what occasion does mac flapping happen? -> I guess it is wireless roaming
2. Mac flapping can happen in WLC environment? -> I guess Mac flap in WLC environment means Roaming is not properly working
3. any other reason or possibility?
4. anyone has a experience and resolution?
Thank you
Regards
05-08-2019 06:54 PM
05-08-2019 07:53 PM
Hello Francesco
Thank you for having interest on this issue
please check some details in below
1. we have 2 WLC (CR5508), those are working as Active-Standby
2. AP is CAPWAP mode and IOS is 8.2.170.0
3. we are using Flexconnect
4. AP connected different switches
============================
router - Switch A - Switch B
I I
AP a AP b
============================
5. log is below, except this, there is no log related with AP connected port
000453: May 8 07:17:41.724 utc: %SW_MATM-4-MACFLAP_NOTIF: Host XXXX.ad7e.XXXX in vlan X is flapping between port Gi0/48 and port Gi0/16
05-08-2019 08:00 PM
05-08-2019 08:33 PM
05-09-2019 07:22 AM
05-09-2019 04:43 PM
05-09-2019 08:06 AM
These messages can become really tiresome if you have a lot of AP's on a switch in something like a distribution centre or really mobile office and you are using flexconnect. I have found in the past that you can disable them to stop them spamming syslog or such like:
logging discriminator nolog msg-body drops flapping
logging buffered discriminator nolog
logging console discriminator nolog
logging monitor discriminator nolog
05-09-2019 04:51 PM
05-09-2019 06:06 PM
Hi mate,
With flexconnect deployment, the ssid traffic are locally switched.
That's the reason why you see this mac flap.
During client roaming, the client for example moving from AP1 on switchport1 is moving to AP2 on switchport2.
Since switch is holding the mac address for default of 300 seconds while wifi client moves faster than that due to seamless roaming, this mac flap alert would go through.
You can check the mac address aging timer on your switch using this, "show mac address-table aging time".
Default is usually 300 seconds,
You can alter it, however it is not recommended as it will be hard for you to detect legitimate "unicast flooding" when it occurs.
If your concern is mac flap which has impact to the environment, you will definitely know that as you will see traffic being dropped on the access ports or you'll notice missing flows on CAM table.
The default timer is sufficient enough to detect this, and even increasing it is highly recommended for detection of the unicast flood
Cheers,
Raffy.
05-09-2019 11:51 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide