Re: Mac flapping between two AP(Access Point) in WLC(Wireless LAN Controler) environment

the eyed · ‎05-08-2019

Hello All

I am wondering if Mac flapping can happen when user move to another location in same office

we are using WLC and 3502, also 3802i APs

I can see Mac flapping log between two APs in serval sites but most sites are not

my question is

1. what occasion does mac flapping happen? -> I guess it is wireless roaming

2. Mac flapping can happen in WLC environment? -> I guess Mac flap in WLC environment means Roaming is not properly working

3. any other reason or possibility?

4. anyone has a experience and resolution?

Thank you

Regards

Francesco Molino · ‎05-08-2019

Hi

Can you detail a little bit your wireless architecture like how many wlc do you have? Are your APs in local or flexconnect mode?

Can you share your flapping message and give the information if what is connected on ports mentioned in this message?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

the eyed · ‎05-08-2019

Hello Francesco

Thank you for having interest on this issue

please check some details in below

1. we have 2 WLC (CR5508), those are working as Active-Standby

2. AP is CAPWAP mode and IOS is 8.2.170.0

3. we are using Flexconnect

4. AP connected different switches

============================

router - Switch A - Switch B

I I

AP a AP b

============================

5. log is below, except this, there is no log related with AP connected port

000453: May 8 07:17:41.724 utc: %SW_MATM-4-MACFLAP_NOTIF: Host XXXX.ad7e.XXXX in vlan X is flapping between port Gi0/48 and port Gi0/16

Sathiyanarayanan Ravindran · ‎05-08-2019

Since its flexconnect client MAC will be learned on the switch port of AP. You have to check why the entry of MaC is there post moving from one to another .

Also upgrade your WLC to latest recommended IOS.

Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)

Francesco Molino · ‎05-08-2019

Can you just tell me what are the ports the message refers to?

In a flexconnect environnement, having a mac flapping during roaming makes sense for me.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

patoberli · ‎05-09-2019

It means the client roamed from one AP to another and then back to the first within a fairly short time. That's all. It's just a warning that the clients mac address is moving around, which is normal if the person moves the device. Depending on your AP placement, it might even happen if the client is stationary.

the eyed · ‎05-09-2019

Thank you Patoberli
Understand what you are saying and I am still wondering we are using company standard configuration and architecture in almost every site(means logging configuration is pretty same)
but I can found this messages only in a few sites(not every site)
what's why i asked
Do you have any idea switches has different function for mac flapping by roaming
I can see this mac flapping log in C3560 but I cannot see in C4500

thank you

Mikey Boy · ‎05-09-2019

These messages can become really tiresome if you have a lot of AP's on a switch in something like a distribution centre or really mobile office and you are using flexconnect. I have found in the past that you can disable them to stop them spamming syslog or such like:

logging discriminator nolog msg-body drops flapping
logging buffered discriminator nolog
logging console discriminator nolog
logging monitor discriminator nolog

the eyed · ‎05-09-2019

Hey Mikey
your solution is helpful but I may not accept it because I need to monitor mac-flapping which happens NOT by wireless roaming

RaffyLindogan · ‎05-09-2019

Hi mate,

With flexconnect deployment, the ssid traffic are locally switched.

That's the reason why you see this mac flap.

During client roaming, the client for example moving from AP1 on switchport1 is moving to AP2 on switchport2.

Since switch is holding the mac address for default of 300 seconds while wifi client moves faster than that due to seamless roaming, this mac flap alert would go through.

You can check the mac address aging timer on your switch using this, "show mac address-table aging time".

Default is usually 300 seconds,

You can alter it, however it is not recommended as it will be hard for you to detect legitimate "unicast flooding" when it occurs.

If your concern is mac flap which has impact to the environment, you will definitely know that as you will see traffic being dropped on the access ports or you'll notice missing flows on CAM table.

The default timer is sufficient enough to detect this, and even increasing it is highly recommended for detection of the unicast flood

Cheers,

Raffy.

patoberli · ‎05-09-2019

Nothing more to add here. Only alternative would be to run the APs in Local mode (requires a WLC).
Don't forget, teh closer two or more APs are by each other, the more inclined is a client to roam more often. So a bad wi-fi design can cause much more roaming and thus cause this message to appear much more often.