12-10-2015 01:29 PM
First of all, I can't tag this post as NAC or clearpass, so if a moderator could maybe?
I have a ClearPass appliance in two of my datacenter racks. One is primary and the other is for high availability. They are filling up my logs on my core:
12/10/2015 3:16:01 PM Core Warning 453804: Host 0000.5e00.0001 in vlan 7 is flapping between port Po35 and port Po37
12/10/2015 3:16:01 PM Core Warning 453805: Host 0000.5e00.0002 in vlan 1 is flapping between port Po35 and port Po37
This happens several times each second. Vlan 1 is management, vlan 7 is data. Is something set up incorrectly in the ClearPass, or is this normal?
12-10-2015 02:05 PM
From the MAC addresses 0000.5e00.0001 and 0000.5e00.0002, we know it is from a VRRP IP.
If two different ports are seeing the same MAC address, I think both devices are in the Master role for the same VRRP instance.
Check if there are any errors in the VRRP configuration.
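Added example, not part of any post in this thread: a small Python triage script for the warnings quoted above. It counts flaps per MAC, VLAN and port pair, and reports which IANA 00-00-5E range each MAC falls in (RFC 5798 assigns 00-00-5E-00-01-xx to IPv4 VRRP and 00-00-5E-00-02-xx to IPv6 VRRP). The function names and the last two sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Sample input: the first two lines are the ones quoted in the thread,
# the last two are constructed for this example.
SAMPLE_LOG = """\
12/10/2015 3:16:01 PM Core Warning 453804: Host 0000.5e00.0001 in vlan 7 is flapping between port Po35 and port Po37
12/10/2015 3:16:01 PM Core Warning 453805: Host 0000.5e00.0002 in vlan 1 is flapping between port Po35 and port Po37
12/10/2015 3:16:02 PM Core Warning 453806: Host 0000.5e00.0001 in vlan 7 is flapping between port Po37 and port Po35
12/10/2015 3:16:02 PM Core Warning 453807: Host 0011.2233.4455 in vlan 7 is flapping between port Gi1/1 and port Gi1/2
"""

FLAP_RE = re.compile(
    r"Host (?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+)"
)

def classify_mac(dotted):
    """Place a Cisco-style dotted MAC in the IANA 00-00-5E ranges."""
    h = dotted.replace(".", "").lower()
    if h.startswith("00005e0001"):
        return "vrrp-ipv4"    # RFC 5798: 00-00-5E-00-01-{VRID}
    if h.startswith("00005e0002"):
        return "vrrp-ipv6"    # RFC 5798: 00-00-5E-00-02-{VRID}
    if h.startswith("00005e"):
        return "iana-other"   # IANA OUI, outside the two VRRP ranges
    return "vendor"           # ordinary vendor-assigned address

def summarize_flaps(log_text):
    """Count flap warnings per (MAC, VLAN, unordered port pair)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FLAP_RE.search(line)
        if not m:
            continue  # not a flap warning
        ports = tuple(sorted((m["a"], m["b"])))  # Po35/Po37 == Po37/Po35
        counts[(m["mac"].lower(), int(m["vlan"]), ports)] += 1
    return [
        {"mac": mac, "vlan": vlan, "ports": ports, "flaps": n,
         "mac_class": classify_mac(mac)}
        for (mac, vlan, ports), n in sorted(counts.items())
    ]

if __name__ == "__main__":
    for row in summarize_flaps(SAMPLE_LOG):
        print(row)
```

A shared virtual MAC that keeps moving between the same two uplinks points at both nodes sending with it at once; a vendor MAC that flaps is more likely a loop or a moved host.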
12-23-2015 11:16 AM
Sorry for the lengthy time between posts, but I was on vacation. While gone, our consultant convinced our security team - who is running the NAC project - that the issue is with multicast sparse mode, and want me to create a new vlan just for the vrrp interfaces that doesn't have sparse mode:
Requesting the ClearPass appliances data interfaces be moved to a VLAN that Cisco Sparse Mode multicast is not enabled for.
Does that sound reasonable?
12-25-2015 08:38 AM
could be, can't find any directly relevant threads / sources on that, but i doubt it will hurt. i would check Vicent's remark on perhaps both being active also.
as for your remark on not being able to tag clearpass, you are posting in the wrong section. if you post in the AAA section you can select clearpass.