11-12-2019 01:08 AM
Hi there,
i've been dealing with a really weird issue lately.
We have a Cisco Catalyst 3850P-S running 03.06.08 and authenticating via dot1x on Aruba Clearpass.
Almost all of our workstations are connected through the VoIP phones to reduce the needed switch ports.
Recently I've noticed that a device connected and authenticated in this scenario stays "visible" on the switch port even if it's unplugged from the phone. The same happens with a unmanaged / dumb switch connected.
The port configuration looks like this:
switchport access vlan 10 switchport mode access switchport voice vlan 50 authentication control-direction in authentication event fail action next-method authentication host-mode multi-auth authentication order dot1x mab authentication priority dot1x mab authentication port-control auto authentication periodic authentication timer reauthenticate server mab dot1x pae authenticator dot1x timeout tx-period 2 spanning-tree portfast spanning-tree bpduguard enable
Example:
I'm working on my desk, my laptop connected via ethernet through my phone. Now I need to go to a meeting and take my laptop with me. When trying to connect my laptop in the meeting room via ethernet, my device only get's a 169.254.x.x IP address and my MAC address isn't visible on the new switch port. When looking for it using show mac address-table | inc MAC, I still see the address on the switch port my VoIP phone on my desk is connected to.
I know that it is a really weird issue and I hope that I explained it somewhat comprehensible.
My question is if it's a Cisco, VoIP phone or Clearpass issue.
Thanks in advance!
Solved! Go to Solution.
11-14-2019 12:22 AM
I figured it out.
There is a global command "mac-move permit" which solved the described issue for me.
11-13-2019 11:43 PM
Hi,
also faced with this issue, in my case it's VoIP phone issue...
The phone has its own switch in it and is holding the mac until reboot...
11-14-2019 12:22 AM
I figured it out.
There is a global command "mac-move permit" which solved the described issue for me.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: