Solved: Re: Cisco 9136i connected with dual port switch macflapp

mohammad.rizky · ‎11-27-2024

Hi All,

I hope we are doing well.

I have issue with cisco AP 9136i always appears macflapp during connected in two different switches (non LAG). we are already check the configuration and the speed status is normal, but some time these port appears macflapp. we are already try to change port, reload AP but the issue still persist. maybe you're have same issue with 9136 and know what the workarround about this. for now, i disable one port of switch for temporary solutions.

%SW_MATM-4-MACFLAP_NOTIF: Host ec19.2e41.5edf in vlan 501 is flapping between port Twe1/0/20 and port Twe1/0/15
%SW_MATM-4-MACFLAP_NOTIF: Host ec19.2e41.5edf in vlan 501 is flapping between port Twe1/0/20 and port Twe1/0/15

Cisco WLC = 9800-L-F
OS Version = 17.14.1

Thank You all

Rich R · ‎11-29-2024

Correct @mohammad.rizky should not cause any impact.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

View solution in original post

M02@rt37 · ‎11-27-2024

Hello @mohammad.rizky

The most effective solution is to enable LAG on your AP and configure the switches appropriately. On the switches, configure the connected ports as an EtherChannel using LACP. This ensures the AP's multiple links function as a single logical link, eliminating the flapping and providing redundancy and increased throughput.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

mohammad.rizky · ‎11-27-2024

Hi M02@rt37

for now our switch have port with multigigabit (C9300-48UN-A) with single port, if we are running with LAG the thoughput of AP maximum 5Gig which is same with single port. i see in documentation AP 9136, no distruption during failover until the configuration and power input is same. and the if we are running LACP, the connection of AP must in single switch (cause we are not running in stack) and if switch goes down the AP will fail connect to WLC.

Thank You

Best Regards,

MHM Cisco World · ‎11-27-2024

if the SW not run Stack nor VSS nor vPC then sure you will get this flapping error.
you must connect AP to only one SW

MHM

mohammad.rizky · ‎11-27-2024

Hi @MHM Cisco World

If the AP connect in one switch i think we didn't get the redundancy if switch is going down. May i attched the topology of our deployment.

Thank You

MHM Cisco World · ‎11-27-2024

let me double check non LAG with single SW for this AP model

I will update you

MHM

mohammad.rizky · ‎11-27-2024

Thank you so much for your help @MHM Cisco World

Leo Laohoo · ‎11-27-2024

This is a known issue with the 9136 (and 9178) and I have raised a Feature Request (CSCwf32194) with the WNBU back in July 2023.

CSCwh10672 is a duplicate.

I was told this feature will be made available from 17.17.1 but I am asking WNBU if the feature can be made available from 17.15.X instead.

mohammad.rizky · ‎11-27-2024

Hi @Leo Laohoo

Yes agree, if port active AP failure, the traffic will move to secondary port. But our case, no failure in port active or standby and we are see any macflapp. I attached the topology our conditions.

Thank You

Leo Laohoo · ‎11-28-2024

I think I may have been misunderstood: This is feature is not available as of yet.

Unless someone happens to be a very big customer (aka, "too big to say `no' to"), this feature may be available when 17.17.X drops late 2025.

Rich R · ‎11-28-2024

@Leo Laohoo I think the 1x port use case is slightly different but I agree with the others that this behaviour is completely normal and not a problem with the current topology. So you accept the MAC flaps or use port-channel...

This is why networks are designed with stacks (physical or stackwise virtual) to provide resilience against a single chassis failing.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Leo Laohoo · ‎11-28-2024

The way WNBU explained this missing feature (for non-DOT1X ports), both ports need to be manually configured for EtherChannel. If the ports are not in an EtherChannel, the MAC flapping alerts will spam the logs mercilessly.

I had to explain to WNBU that "manually configuring" the ports is counter-productive, particularly in a health-related network, because AP ports can be mistakenly re-patched to the wrong port all the time. And this is more true nowadays with the Catalyst 9k switch where the LED port numbers are just a bunch of "triangles" instead of port numbers in the past.

mohammad.rizky · ‎11-29-2024

Hi @Rich R

So you mean it's mac flapp is normal condition with our Topology using AP 9136 right? i just worry with these situation make a traffic distruption

Rich R · ‎11-29-2024

Correct @mohammad.rizky should not cause any impact.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

mohammad.rizky · ‎11-29-2024

Thanks for your advices @Ric , maybe i'll try to config port-security with sticky mac address to prevent the loop.

Cisco 9136i connected with dual port switch macflapp

ACI: Dual Role Switch の Discovery について

回复：【原创】Cisco Catalyst 9300, 9200, 3650, 3850等 Switch密码恢复

Port-Security - Configuração Básica

Como usar Port-channel nos switches Cisco Nexus

Catalyst SwitchのCisco推奨リリースを確認する方法

Cisco 9136i connected with dual port switch macflapp

ACI: Dual Role Switch の Discovery について

回复： 【原创】Cisco Catalyst 9300, 9200, 3650, 3850等 Switch密码恢复

Port-Security - Configuração Básica

Como usar Port-channel nos switches Cisco Nexus

Catalyst SwitchのCisco推奨リリースを確認する方法

回复：【原创】Cisco Catalyst 9300, 9200, 3650, 3850等 Switch密码恢复