I am deploying NAC L2 OOB Central.
I'm in the final configuration, and at the moment all ports of the managed switches are uncontrolled.
Vlan Map and Managed Subnets are configured.
When I run the command sh mac address-table interface on the switch port where the CAS untrusted port is connected, I see several MAC address entries.
Why does this occur? Is this normal behavior?
Hard to say without looking at it closely, but first thing that comes to mind is that if you have VLAN mapping configured on the CAS, it will actively bridge any packets it sees on the untrusted side (for the VLANs it's doing the mapping for) to the trusted side, and vice-versa. Perhaps you're seeing an effect of that?
I don't see negative effects. It was just a curiosity, because they asked me and I could not answer clearly.
Guys - I also see this and I am being queried by the customer. Basically I have the scenario that you mentioned, using virtual gateway and VLAN mapping, but I am seeing dual MAC address entries within the switch MAC address table: even after the SSO and posture validation has taken place and the client has been moved, the MAC address for the CAS untrusted element is still known.
I have the mac aging-timer configured as recommended for 3600 seconds - can we be certain that having the switch know about the same MAC address from two different locations will not cause connectivity issues?
XXXXXXXXXX#sh mac address-table address 4061.86c1.3314
          Mac Address Table
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    4061.abcd.3314    DYNAMIC     Po3         = Now Trusted Client
 666    4061.abcd.3314    DYNAMIC     Gi1/0/10    = CAS
Total Mac Addresses for this criterion: 2
Any thoughts?
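
Added example, not part of any post in this thread: a small Python parser for show mac address-table output that lists the MAC addresses learned in more than one VLAN and those among them still learned on a given port, which is the situation shown in the output above. The function names, the use of Gi1/0/10 as the CAS untrusted port and the last two sample rows are assumptions; the first two rows are the ones quoted in the thread.

```python
import re
from collections import defaultdict

# One table row: VLAN, dotted MAC, type, port. Anything after the port
# (such as the "= CAS" annotations in the thread) is ignored.
ENTRY = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)",
    re.IGNORECASE | re.MULTILINE,
)

def parse_mac_table(text):
    """Return {mac: [(vlan, port), ...]} from 'show mac address-table' text."""
    table = defaultdict(list)
    for vlan, mac, _type, port in ENTRY.findall(text):
        table[mac.lower()].append((int(vlan), port))
    return {mac: sorted(entries) for mac, entries in table.items()}

def macs_in_multiple_vlans(text):
    """MACs that have entries in more than one VLAN."""
    table = parse_mac_table(text)
    return {mac: e for mac, e in table.items() if len({v for v, _ in e}) > 1}

def lingering_on_port(text, port):
    """MACs learned on `port` that are also learned in another VLAN."""
    return sorted(
        mac for mac, entries in macs_in_multiple_vlans(text).items()
        if any(p == port for _, p in entries)
    )

# Sample input: first two rows from the thread, last two constructed.
SAMPLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    4061.abcd.3314    DYNAMIC     Po3         = Now Trusted Client
 666    4061.abcd.3314    DYNAMIC     Gi1/0/10    = CAS
  10    0011.2233.4455    DYNAMIC     Gi1/0/5
 666    0050.56aa.bb01    DYNAMIC     Gi1/0/10
Total Mac Addresses for this criterion: 4
"""

if __name__ == "__main__":
    untrusted = "Gi1/0/10"  # assumed CAS untrusted port, as in the thread
    for mac in lingering_on_port(SAMPLE, untrusted):
        print(mac, macs_in_multiple_vlans(SAMPLE)[mac])
```

Running it against periodic captures of the table shows whether the entry on the untrusted port disappears once the aging time has passed.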