09-03-2018 08:05 AM - edited 03-08-2019 04:03 PM
Hello all,
I'm currently running into some issues and the result is that we have mac-flapping between a port-channel and a normal uplink.
There's one AP connected to the switch using an Etherchannel, and the config is like this:
Switch#show run int P11
Building configuration...
Current configuration : 263 bytes
!
interface Port-channel11
switchport trunk native vlan 55
switchport mode trunk
logging event trunk-status
logging event bundle-status
logging event spanning-tree
logging event status
logging event subif-link-status
spanning-tree portfast edge trunk
end
The members of the port-channel are 2 ports (G1/0/13 - G1/0/14):
Switch#show run int G1/0/13
Building configuration...
Current configuration : 322 bytes
!
interface GigabitEthernet1/0/25
switchport trunk native vlan 55
switchport mode trunk
logging event trunk-status
logging event bundle-status
logging event spanning-tree
logging event status
spanning-tree portfast edge trunk
spanning-tree bpduguard enable
channel-protocol lacp
channel-group 1 mode active
end
Switch#show run int G1/0/26
Building configuration...
Current configuration : 322 bytes
!
interface GigabitEthernet1/0/14
switchport trunk native vlan 55
switchport mode trunk
logging event trunk-status
logging event bundle-status
logging event spanning-tree
logging event status
spanning-tree portfast edge trunk
spanning-tree bpduguard enable
channel-protocol lacp
channel-group 1 mode active
end
The issue starts when you connect the 2nd LAN interface of an Access point to this G1/0/14 interface.
After a couple of minutes, assuming broadcast traffic, things get started and network is deteriorating.
The logs show that there's mac flapping between the port-channel & the uplink to the core switch:
testswitch#show int G1/0/25 etherchannel ~~~~~~~~~
Aug 29 15:12:23.385: %SW_MATM-4-MACFLAP_NOTIF: Host a44c.c891.ea2f in vlan 1 is flapping between port Po11 and port Gi1/0/48
Aug 29 15:12:23.627: %SW_MATM-4-MACFLAP_NOTIF: Host 0050.5683.255d in vlan 1 is flapping between port Po11 and port Gi1/0/48
Aug 29 15:12:23.668: %SW_MATM-4-MACFLAP_NOTIF: Host 0017.9a54.f1b9 in vlan 1 is flapping between port Po11 and port Gi1/0/48
Aug 29 15:12:23.668: %SW_MATM-4-MACFLAP_NOTIF: Host 0050.56aa.7656 in vlan 1 is flapping between port Po11 and port Gi1/0/48
It only happens when we change the native vlan of the Access point to be VLAN 55 instead of VLAN1.
We need to do this, because otherwise we have other issues with a SSID.
I have configured STP and the root is configured with Prio 0.
I've read that this could be due to misconfiguration with spanning-tree, but I don't see what we could have configured wrong?
If we try the same setup, use the same etherchannel, between 2 switches, we don't see this issue.
When we don't use the Access Point I mean, the issues don't show.
This would rule out the fact that we might have misconfigured something.
I'm struggling with this for some time now and I'm wondering if this could be a bug or not?
Since you can find somewhat similar issues:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCut87285/?rfs=iqvred
And we have changed the firmware already a couple of times:
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(2)E5, RELEASE SOFTWARE (fc2)
System image file is "flash:/c2960x-universalk9-mz.152-2.E5/c2960x-universalk9-mz.152-2.E5.bin"
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(2)E6, RELEASE SOFTWARE (fc2)
System image file is "flash:/c2960x-universalk9-mz.152-2.E6/c2960x-universalk9-mz.152-2.E6.bin"
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(2)E7, RELEASE SOFTWARE (fc2)
System image file is "flash:/c2960x-universalk9-mz.152-2.E7/c2960x-universalk9-mz.152-2.E7.bin"
Kind regards,
Gerrit
09-03-2018 04:07 PM
Hi,
How is the access point configured? Is it capwap or autonomous?
Thanks
09-03-2018 10:07 PM
It is using capwap, but it's in bridge mode.
09-03-2018 04:52 PM - edited 09-03-2018 05:02 PM
"It only happens when we change the native vlan of the Access point to be VLAN 55 instead of VLAN1."
"Portions of the network which are VLAN-aware (i.e., IEEE 802.1Q conformant) can include VLAN tags. When a frame enters the VLAN-aware portion of the network, a tag is added to represent the VLAN membership. Each frame must be distinguishable as being within exactly one VLAN. A frame in the VLAN-aware portion of the network that does not contain a VLAN tag is assumed to be flowing on the native VLAN."
So if the native VLAN of the AP port is VLAN 55, frames in VLAN 55 will be untagged. If another port has a different native VLAN, then you can see what is going to happen. You are going to hop to a different VLAN. This can also cause an L2 loop (see MAC flapping) because (R)STP works within one single VLAN and hopping between VLANs can create a loop because you can avoid blocking or discarding ports.
Try explicit tagging of the native VLAN on all trunk ports, as this will help troubleshooting. Must be configured on all switches in network autonomy.
Switch(config)# vlan dot1q tag native
"It is very normal on a switch to display this MAC flapping message if APs are connected to the switch port. The reason for this is due to the fact that the switch learns of a particular client's MAC from one particular port to which the AP (assume this is AP01) is connected. Now when the wireless client roams to another AP (assume AP02, which is connected on a different port of the same switch where AP01 is connected), the switch will learn that same MAC address on a different port, i.e. AP02's port, and displays the MAC flap message." https://community.cisco.com/t5/wireless-and-mobility/mac-flaps-from-wireless-network/td-p/2300795
Also are there overlapping channels (see link above)?
09-03-2018 10:13 PM
Hi
I'm aware of the fact that clients will roam and we should see that message regarding mac moving in the network.
What's not normal is that it's tearing down the network completely due to the broadcast storm we encounter.
I wasn't aware of the native vlan tag option and I was wondering if the AP can work with this to get an IP in this VLAN. I'll give it a try.
Kind regards,
Gerrit
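The distinction drawn in the two posts above (a roaming client moving between AP ports versus many hosts flapping between the same two ports during a storm) can be checked directly from the syslog. This is an added example, not code from the thread; the 5-second window, the 3-MAC threshold and the `year` default are assumptions, and the last two sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# First four lines are the log lines quoted in this thread; the last two are
# constructed to represent a single client moving between two AP ports.
SAMPLE_LOG = """\
Aug 29 15:12:23.385: %SW_MATM-4-MACFLAP_NOTIF: Host a44c.c891.ea2f in vlan 1 is flapping between port Po11 and port Gi1/0/48
Aug 29 15:12:23.627: %SW_MATM-4-MACFLAP_NOTIF: Host 0050.5683.255d in vlan 1 is flapping between port Po11 and port Gi1/0/48
Aug 29 15:12:23.668: %SW_MATM-4-MACFLAP_NOTIF: Host 0017.9a54.f1b9 in vlan 1 is flapping between port Po11 and port Gi1/0/48
Aug 29 15:12:23.668: %SW_MATM-4-MACFLAP_NOTIF: Host 0050.56aa.7656 in vlan 1 is flapping between port Po11 and port Gi1/0/48
Aug 29 15:20:01.102: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 20 is flapping between port Gi1/0/5 and port Gi1/0/6
Aug 29 15:21:31.640: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 20 is flapping between port Gi1/0/5 and port Gi1/0/6
"""

FLAP_RE = re.compile(
    r"(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d\.\d+): %SW_MATM-4-MACFLAP_NOTIF: "
    r"Host (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) in vlan (?P<vlan>\d+) "
    r"is flapping between port (?P<a>\S+) and port (?P<b>\S+)"
)

def parse_flaps(text, year=2018):
    """Return (timestamp, vlan, port_pair, mac) per MACFLAP line; the year is assumed."""
    events = []
    for line in text.splitlines():
        m = FLAP_RE.search(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
            events.append((ts, int(m["vlan"]), frozenset((m["a"], m["b"])), m["mac"]))
    return events

def classify(events, window=timedelta(seconds=5), min_macs=3):
    """Per (vlan, port pair): peak number of distinct MACs flapping within one window."""
    groups = defaultdict(list)
    for ts, vlan, ports, mac in events:
        groups[(vlan, ports)].append((ts, mac))
    verdicts = {}
    for key, items in groups.items():
        items.sort()
        peak, start = 0, 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1  # slide the window forward
            peak = max(peak, len({mac for _, mac in items[start:end + 1]}))
        # Many different hosts on one port pair at once points to a loop, not roaming.
        verdicts[key] = ("loop-suspect" if peak >= min_macs else "roaming-like", peak)
    return verdicts
```
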
09-03-2018 11:38 PM
09-03-2018 11:46 PM
09-03-2018 11:58 PM
Hopefully someone more versed in Wireless can help you.
09-04-2018 08:25 AM
If the AP is connected with etherchannel, it should be L2 etherchannel; you don't need to configure the interface for port channel.
I am not able to understand the config.
If the port-channel is configured with these ports (G1/0/13 - G1/0/14), why is your config showing other ports, interface GigabitEthernet1/0/25 - interface GigabitEthernet1/0/26?
By default the native VLAN is 1; did you set up VLAN 55 as native in the whole network?
Thanks
09-04-2018 08:56 AM
Hello,
I'm sorry, but some are exhibits from my LAB.
At the customer we're using 1/0/25-26.
We're only using the native VLAN55 on the APs, nowhere else.
Because we need an IP out of that VLAN on the APs to manage the APs.
Kind regards,
Gerrit
09-04-2018 10:03 AM - edited 09-04-2018 10:11 AM
I set up the same scenario a few months ago. I just configured the etherchannel and then put in these commands:
switchport trunk encapsulation dot1q
switchport trunk allowed vlan (VLANs which are required by clients)
switchport trunk native vlan (I suggest you make the native VLAN the same on all trunk ports)
switchport mode trunk
It works without any issues. The DHCP for wireless clients was on WLC and DHCP for AP's was on Microsoft server on that vlan.
Q: What's the purpose of having access points in trunk mode?
Q: Why are you making VLAN 55 the native VLAN?
Thanks
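The advice in this thread to keep the native VLAN identical on every trunk, or to tag it with `vlan dot1q tag native`, can be audited from a saved running-config. This is an added example, not code from the thread; the config excerpt is constructed (the `GigabitEthernet1/0/48` and `GigabitEthernet1/0/2` stanzas and the channel-group number are assumptions) and the function names are hypothetical.

```python
import re

# Constructed excerpt: AP-facing trunks use native VLAN 55 as in the thread,
# the uplink has no native VLAN line and therefore falls back to VLAN 1.
SAMPLE_CONFIG = """\
interface Port-channel11
 switchport trunk native vlan 55
 switchport mode trunk
!
interface GigabitEthernet1/0/13
 switchport trunk native vlan 55
 switchport mode trunk
 channel-group 11 mode active
!
interface GigabitEthernet1/0/48
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 20
!
"""

def trunk_native_vlans(config):
    """Map every trunk interface to its native VLAN."""
    trunks = {}
    for stanza in re.split(r"(?m)^interface\s+", config)[1:]:
        lines = [l.strip() for l in stanza.splitlines()]
        if "switchport mode trunk" not in lines:
            continue  # access ports carry no native VLAN
        native = 1  # IOS default when no native VLAN is configured
        for l in lines:
            m = re.fullmatch(r"switchport trunk native vlan (\d+)", l)
            if m:
                native = int(m.group(1))
        trunks[lines[0]] = native
    return trunks

def audit_native_vlan(config, expected):
    """Report trunks whose native VLAN differs from the expected one."""
    tagged = re.search(r"(?m)^vlan dot1q tag native\s*$", config) is not None
    mismatched = sorted(n for n, v in trunk_native_vlans(config).items() if v != expected)
    return {"tag_native": tagged, "mismatched": mismatched}
```
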
09-04-2018 11:23 AM - edited 09-04-2018 11:24 AM
Q: What's the purpose of having access points in trunk mode?
When you're using 802.1X radius authentication, you need multiple vlans being able to flow over the Uplinks.
Q: Why are you making VLAN 55 the native VLAN?
Because we have a particular issue whilst using native VLAN1.
There's a legacy misconfig and VLAN1 is being used as regular VLAN, it's a /16, meaning a lot of broadcast traffic happening on it.
Forgot to mention we're using bridge mode.
Regards,
Gerrit
09-04-2018 11:41 AM
Does bridge mode mean your AP and wireless clients will be in the same subnet?
09-04-2018 11:43 AM
09-04-2018 11:48 AM
OK, I suggest you configure the etherchannel in L2 (without interface port-channel), then refresh the CAM table.