Symptom
MAC flap messages appear on the switch, and all the APs in that subnet drop from the controller. The issue is seen on both 9800 and AireOS, running 16.12.4a and 8.10.130.0 respectively.
The issue was not seen on 8.5.140.0.
Conditions
1815W, locally switched RLAN, AP and clients in the same subnet
Workaround
The issue only happens with a wired client connected to LAN port 2. If possible, use LAN port 1 or 3 to work around the issue.
Further Problem Description
When a wired RLAN client generates traffic, the gateway address is learned on the AP switchport, which makes the whole subnet flap.
In the output below, the 1815 AP is connected on port Tw2/0/17. The VLAN 2193 gateway is on a Palo Alto firewall, and its MAC address is b40c.25e2.8010.
KRESTWR3-S01#sh mac add int tw2/0/17
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
2193    54e1.ad4d.09a2    STATIC      Tw2/0/17
2193    b40c.25e2.8010    STATIC      Tw2/0/17 -------------> Palo Alto firewall gateway MAC
2193    c4f7.d556.0400    STATIC      Tw2/0/17
3193    d0c2.82d1.37bf    STATIC      Tw2/0/1
We also see a lot of MAC flaps:
Sep 16 12:01:27.742: %SW_MATM-4-MACFLAP_NOTIF: Host b40c.25e2.8010 in vlan 2202 is flapping between port Tw2/0/17 and port Po1
Sep 16 12:02:42.641: %SW_MATM-4-MACFLAP_NOTIF: Host b40c.25e2.8010 in vlan 2202 is flapping between port Tw2/0/17 and port Po1
Sep 16 12:03:51.026: %SW_MATM-4-MACFLAP_NOTIF: Host b40c.25e2.8010 in vlan 2202 is flapping between port Tw2/0/17 and port Po1
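
A detection check for the condition described above, as an added example that is not part of the original bug note: it parses the MACFLAP_NOTIF syslog lines and the MAC address table and reports where the gateway MAC shows up on a port other than the uplink. Treating Po1 as the legitimate path to the gateway is an assumption, as are all function and variable names.

```python
import re
from collections import Counter

# Assumptions for this example: Po1 is the legitimate uplink toward the
# gateway; the gateway MAC is the Palo Alto MAC named on this page.
GATEWAY_MACS = {"b40c.25e2.8010"}
UPLINKS = {"Po1"}

FLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-f.]+) in vlan (?P<vlan>\d+) "
    r"is flapping between port (?P<a>\S+) and port (?P<b>\S+)", re.I)
# Row of the MAC address table: vlan, MAC, type, port.
MAC_ROW_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}(?:\.[0-9a-f]{4}){2})\s+\S+\s+(\S+)", re.I)

# Sample input copied from the switch output quoted on this page.
SAMPLE_LOG = """\
Sep 16 12:01:27.742: %SW_MATM-4-MACFLAP_NOTIF: Host b40c.25e2.8010 in vlan 2202 is flapping between port Tw2/0/17 and port Po1
Sep 16 12:02:42.641: %SW_MATM-4-MACFLAP_NOTIF: Host b40c.25e2.8010 in vlan 2202 is flapping between port Tw2/0/17 and port Po1
Sep 16 12:03:51.026: %SW_MATM-4-MACFLAP_NOTIF: Host b40c.25e2.8010 in vlan 2202 is flapping between port Tw2/0/17 and port Po1
""".splitlines()
SAMPLE_TABLE = """\
2193 54e1.ad4d.09a2 STATIC Tw2/0/17
2193 b40c.25e2.8010 STATIC Tw2/0/17
3193 d0c2.82d1.37bf STATIC Tw2/0/1
"""

def gateway_flaps(log_lines, gateway_macs=GATEWAY_MACS, uplinks=UPLINKS):
    """Count flap events that place a gateway MAC on a non-uplink port."""
    hits = Counter()
    for line in log_lines:
        m = FLAP_RE.search(line)
        if not m or m["mac"].lower() not in gateway_macs:
            continue
        for port in (m["a"], m["b"]):
            if port not in uplinks:
                hits[(m["mac"].lower(), int(m["vlan"]), port)] += 1
    return hits

def gateway_on_edge_ports(table_text, gateway_macs=GATEWAY_MACS, uplinks=UPLINKS):
    """Return (vlan, mac, port) rows where a gateway MAC sits on an edge port."""
    rows = []
    for line in table_text.splitlines():
        m = MAC_ROW_RE.match(line)
        if m and m[2].lower() in gateway_macs and m[3] not in uplinks:
            rows.append((int(m[1]), m[2].lower(), m[3]))
    return rows

if __name__ == "__main__":
    print(dict(gateway_flaps(SAMPLE_LOG)))
    print(gateway_on_edge_ports(SAMPLE_TABLE))
```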
PSIRT Evaluation:
The Cisco PSIRT has evaluated this issue and determined it does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html