I am having a problem with several workstations not being able to access the network. Upon further investigating I found that the MAC address is appearing on different ports throughout the VLAN. The MAC may appear on different switches, and even different buildings (as long as they have ports on that VLAN). I am at a loss as to what is happening. We don't have port-security enabled on any ports and are currently using dot1x port authentication.
Example: Say "Computer A" is connected to port gi1/0/2 on switch 1 and "Computer B" is connected to port gi1/0/4 on switch 2, "Computer B" MAC address may at anytime show up on switch 1 port gi1/0/2. This will cause "Computer B" to be unable to access anything on the network as the layer 2 traffic is being passed through the wrong port.
To resolve this temporarily, I would shutdown gi1/0/2 on Switch 1 and restart the port. Then "Computer A" will appear correctly as a dynamic entry in the mac address-table, and "Computer B" will be listed on the correct interface.
When this happens the entries are listed as "Static" in the address-table.
Standard port config
------------------------
switchport access vlan XXX
switchport mode access
switchport voice vlan XXX
authentication control-direction in
authentication event fail action next-method
authentication event server dead action authorize
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
dot1x max-reauth-req 1
spanning-tree portfast
spanning-tree bpduguard enable
Any help is appreciated.
