
CSCvx14436 - 9300 unknown mac 0002.0304.0506 learned in mac address table

I am experiencing this MAC address shutting down ports because I have port-security enabled. It shows up on multiple ports and creates a security violation. I do have the command "No CDP Enable" on all my interfaces, but I am not running "switchport mode dot1q-tunnel", "no keepalive". Our STIG requires us to have "No CDP Enable". I hope Cisco comes up with a fix; upgrading to the latest software version has not helped. The only thing we have been able to do to stop this problem has been to add "mac address-table static 0002.0304.0506 vlan xxx drop". Is anyone else experiencing this issue?

1 Reply 1

ivan_abibe
Level 1

I had a version of this issue recently as well, but it caused real problems. The switch started to get security violations and dot1x failures for this MAC on multiple random ports every day. After some time of these alerts, while we were debugging, the switch simply didn't connect new devices to the network and we lost SSH connectivity to it. After a full reboot of the switch stack, the problem seems solved. No more messages in the logs or dot1x failures can be seen for now.

2022-01-11 07:39:39 Local7.Notice 10.0.65.162 1302451: Jan 11 07:39:38.838 CET: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet3/0/39, new MAC address (0002.0304.0506) is seen.AuditSessionID 
2022-01-11 07:38:00 Local7.Notice 10.0.65.162 1302442: Jan 11 07:37:58.742 CET: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (0002.0304.0506) with reason (No Response from Client) on Interface Gi3/0/39 AuditSessionID A241000A0000E14747DB2CE8
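
An added example, not part of either post: a Python script that tallies the two message types quoted above per interface for the MAC in the thread title, so entries caused by that address can be separated from violations triggered by other MACs. The last two sample lines, the second MAC and the helper names are constructed for illustration.

```python
import re
from collections import defaultdict

BUG_MAC = "0002.0304.0506"  # MAC from the thread title (CSCvx14436)

# Sample input: lines 1-2 are the ones quoted in the reply above,
# lines 3-4 are constructed in the same format for this example.
SAMPLE = """\
2022-01-11 07:39:39 Local7.Notice 10.0.65.162 1302451: Jan 11 07:39:38.838 CET: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet3/0/39, new MAC address (0002.0304.0506) is seen.AuditSessionID
2022-01-11 07:38:00 Local7.Notice 10.0.65.162 1302442: Jan 11 07:37:58.742 CET: %DOT1X-5-FAIL: Switch 1 R0/0: sessmgrd: Authentication failed for client (0002.0304.0506) with reason (No Response from Client) on Interface Gi3/0/39 AuditSessionID A241000A0000E14747DB2CE8
2022-01-11 07:41:02 Local7.Notice 10.0.65.162 1302460: Jan 11 07:41:01.120 CET: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet1/0/7, new MAC address (0002.0304.0506) is seen.
2022-01-11 07:42:15 Local7.Notice 10.0.65.162 1302465: Jan 11 07:42:14.003 CET: %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet2/0/12, new MAC address (aaaa.bbbb.cccc) is seen.
"""

MAC = r"(?P<mac>[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})"
INTF = r"(?P<intf>[A-Za-z]+[\d/]+)"
PATTERNS = {
    "violation": re.compile(
        r"%AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface "
        + INTF + r", new MAC address \(" + MAC + r"\)"),
    "dot1x_fail": re.compile(
        r"%DOT1X-5-FAIL: .*?Authentication failed for client \(" + MAC
        + r"\) with reason \(.*?\) on Interface " + INTF),
}

def short_if(name):
    """Reduce 'GigabitEthernet3/0/39' to 'Gi3/0/39' so both message types share a key."""
    m = re.match(r"([A-Za-z]+)([\d/]+)$", name)
    return m[1][:2] + m[2] if m else name

def summarize(text, mac=BUG_MAC):
    """Return (per-interface counts for `mac`, list of (interface, mac) for other MACs)."""
    hits = defaultdict(lambda: {"violation": 0, "dot1x_fail": 0})
    other = []
    for line in text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            if m["mac"].lower() == mac:
                hits[short_if(m["intf"])][kind] += 1
            else:
                other.append((short_if(m["intf"]), m["mac"].lower()))
    return dict(hits), other

if __name__ == "__main__":
    by_port, other = summarize(SAMPLE)
    for port, counts in sorted(by_port.items()):
        print(port, counts)
    print("violations from other MACs:", other)
```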