05-28-2012 11:46 PM - edited 03-10-2019 07:08 PM
Hi all,
we have rolled out 802.1x enterprise-wide. RADIUS-servers are ACS 1121 (5.3.0.40). Currently we are rolling-out Win7-clients.
The access-layer is built on Catalyst 3560g-48-poe, (IOS 12.2(53)SE2).
On certain switches we have the problen (only Win7-clients; XPs do not cause it) that client MAC-addresses are registered in VLAN4 (Data-VLAN) as well as in VLAN 996 (Quarantine-VLAN) according to the screen-shot below:
switch#sh mac- int gi0/27
Mac Address Table
----------------------------------------------------------------------------------------
Vlan Mac Address Type Ports
------ ------------------- ------- -------
4 2c27.d71d.6279 STATIC Drop
996 2c27.d71d.6279 DYNAMIC Gi0/27
Total Mac Addresses for this criterion: 2
Unfortunately the MAC address in VLAN 4 will never age-out, which means that they keep the above status. To wipe-out the MAC addresses we have to reboot the switch, which is no solution for us.
Has anyone faced something similar to this problem ? What is causing this problem ? How can we get rid of these MAC addresses without rebooting the switch ?
Any hints are very much appreciated
Best regards
RHUB
06-26-2015 08:04 AM
Did you ever get this resolved?
07-01-2015 02:43 AM
Hi Neno,
This has been resolved by upgrading the switches to the newest release.
07-01-2015 09:42 AM
Thanks for the reply! Can you give me the specific version. I am dealing with an issue now and running 150-2.SE6. It is not exactly the latest but pretty recent and I want to confirm 100% before I request a change control window for the upgrade.
Thanks!
04-25-2016 02:30 PM
Hi Neno and rhub.
I'm dealing with the same issue running c2960-lanlitek9-mz.150-2.SE5, could you give please more info about your advance in this topic, maybe if you have get some documentation about it, it would be really useful for me.
Best Regards.
Juan Esteban
04-26-2016 08:06 AM
It looked like this was a bug with the version of code. So I would suggest upgrading your code. Also, please note that LAN Lite is does not support many 802.1x features.
Thank you for rating helpful posts!
04-26-2016 08:22 AM
Hi Juan and Neno,
we upgraded all 3560-switches with IOS 15.0.2. but I did not have the possibility to test it; I will do it asap and let you know abut the results.
Best regards
Roman
04-26-2016 09:06 AM
Sounds good! Let us know :)
03-02-2020 10:37 AM
I have a similar problem.
switch model/IOS: WS-C2960X-48FPD-L 15.2(7)E0a
What is the solution?
switch#sh mac address-table interface gigabitEthernet 1/0/29
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
16 0004.f25d.947d DYNAMIC Drop
16 10e7.c670.cbdd DYNAMIC Drop
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide