Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2660
Views
0
Helpful
3
Replies

Switch Not Learning MAC Address and 802.1x Port Security

Brian Saunders
Level 1
Level 1

‎08-11-2015 06:15 AM - edited ‎03-10-2019 10:58 PM

Hello All,

 

We've been running wired 802.1x machine authentication for awhile now and recently began deploying 4500R+E chassis with Sup8-E.  During this rollout I've noticed a strange problem where devices that are connected to ports that do not have the NAC configuration are unable to connect to the network because the switch will not learn the MAC address of the device.  The port configuration in this scenario is like so:

interface GigabitEthernet1/3
 switchport access vlan xx
 switchport mode access
 switchport voice vlan xx
 spanning-tree portfast
 spanning-tree bpduguard enable

The port shows connected but when you look at the mac-address table for that interface it will show the following:

XXXXSW001#sh mac address-table interface g1/3

Multicast Entries

vlan     mac address     type    ports

---------+---------------+-------+--------------------------------------------

  xx      ffff.ffff.ffff   system

Ports with the standard 802.1x configuration have no problems connecting to the network and the switch learns the devices mac-address.  The only way that I've found to get devices on non-NAC ports onto the network is to apply the following to the interface and then remove to force the switch to learn the mac-address:

switchport port-security
!

switchport port-security mac-address sticky

!

I opened a TAC case with Cisco and they said that it was a "bug" in the software and recommended a different release.  I've been testing their recommended release in the lab and have seen the issue reproduced.  Has anyone experienced this problem and have any recommendations?

 

Thanks,

 

Brian

 

1 person had this problem
Labels:
0 Helpful
3 Replies 3

wpalumbo06
Level 1
Level 1

‎10-26-2015 10:36 AM

Brian,

 

Which IOS-XE version are you using and do you have the BugID that Cisco provided?

Thanks

0 Helpful

Brian Saunders
Level 1
Level 1
In response to wpalumbo06

‎10-26-2015 10:56 AM

Saw the issue with 3.6.0 and 3.3.2 XO.  Believe the bugID is CSCuu92251 which was fixed in 3.6.3.  We upgraded one of our 4510r+e with Sup8-E's to version 3.6.3 and so far we haven't seen the issue return.

0 Helpful

David.32.Brown
Level 1
Level 1

‎09-12-2019 04:32 PM

I'm having the same problem with both Cisco & Avaya turrets into ports on a 6513 IOS 12.2(33)SXJ6.

 

I'll try your solution in my next testing slot and let you know if it works.

 

Incidentally I've moved >120 other devices on other 6513 switches with the same IOS without issue. The problem is confined to a single card in a single switch.

0 Helpful
Customers Also Viewed These Support Documents