Hi there,

i've been dealing with a really weird issue lately.
We have a Cisco Catalyst 3850P-S running 03.06.08 and authenticating via dot1x on Aruba Clearpass.
Almost all of our workstations are connected through the VoIP phones to reduce the needed switch ports.
Recently I've noticed that a device connected and authenticated in this scenario stays "visible" on the switch port even if it's unplugged from the phone. The same happens with a unmanaged / dumb switch connected.

The port configuration looks like this:

switchport access vlan 10
switchport mode access
switchport voice vlan 50
authentication control-direction in
authentication event fail action next-method
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout tx-period 2
spanning-tree portfast
spanning-tree bpduguard enable

Example:
I'm working on my desk, my laptop connected via ethernet through my phone. Now I need to go to a meeting and take my laptop with me. When trying to connect my laptop in the meeting room via ethernet, my device only get's a 169.254.x.x IP address and my MAC address isn't visible on the new switch port. When looking for it using show mac address-table | inc MAC, I still see the address on the switch port my VoIP phone on my desk is connected to.

I know that it is a really weird issue and I hope that I explained it somewhat comprehensible.
My question is if it's a Cisco, VoIP phone or Clearpass issue.

Thanks in advance!