cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
589
Views
0
Helpful
6
Replies

A few MAC @ are hidden on the Cisco C3750 Version 15.0(2)SE6

pascalmarti
Level 1
Level 1

Hello,

I want to apply the 802.1x on my switch. Some PC are authenticated with certificat the printers with MAC @ (mab ) => not problem.

But I check some port to find the equipment on the DHCP server but some port are without MAC @ :

when I remove the 802.1x configuration on the port, the MAC @Do not appear nevertheless. In the sh log after a shut no shut the MAC @ do not appear.

Who know a tip for force the MAC @ to appear on the switch ?

With 802.1x on the port : (The authentification is success because I permit the user vlan with 802.1x guest in the same vlan.)

SWITCH#sh authentication sessions

Interface  MAC Address     Method   Domain   Status         Session ID
Fa1/0/16   (unknown)       N/A      DATA     Authz Success  0A060AFC000000060002A5CE
Fa1/0/13   (unknown)       N/A      DATA     Authz Success  0A060AFC00003CC14A1DABFB
Fa1/0/5    (unknown)       N/A      DATA     Authz Success  0A060AFC00003CCA4A419274
Fa1/0/2    (unknown)       N/A      DATA     Authz Success  0A060AFC00003CE34A907735
Fa1/0/15   (unknown)       N/A      DATA     Authz Success  0A060AFC00003D0E4DACE43A

It is empty :

SWITCH#sh mac address-table interface fa 1/0/5
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

Thanks,

Pascool :-)

6 Replies 6

roor
Cisco Employee
Cisco Employee

Can you please paste the output of "show auth sess int fa1/0/5 detail"?

Regards,

Roopa

Hello Roor,

You can find it :

sh authentication sessions interface fa 1/0/5
            Interface:  FastEthernet1/0/5
          MAC Address:  Unknown
           IP Address:  Unknown
            User-Name:  UNRESPONSIVE
               Status:  Authz Success
               Domain:  DATA
      Security Policy:  Should Secure
      Security Status:  Unsecure
       Oper host mode:  multi-host
     Oper control dir:  both
        Authorized By:  Guest Vlan
          Vlan Policy:  100
      Session timeout:  N/A
         Idle timeout:  N/A
    Common Session ID:  0A060AFC00003CCA4A419274
      Acct Session ID:  0x00003CE9
               Handle:  0xD0000D2E

Runnable methods list:
       Method   State
       dot1x    Failed over

And the sh run :

interface FastEthernet1/0/5
 switchport access vlan 100
 switchport mode access
 authentication event fail action authorize vlan 100
 authentication event server dead action authorize vlan 100
 authentication event no-response action authorize vlan 100
 authentication event server alive action reinitialize
 authentication host-mode multi-domain
 authentication port-control auto
 authentication periodic
 authentication violation restrict
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout tx-period 4
 dot1x max-reauth-req 3
 spanning-tree portfast
 spanning-tree bpduguard enable
 ip dhcp snooping limit rate 50
end

Pascool :-)

Hi,

From the outputs shared, looks like the device has failed dot1x authentication and the authentication is configured in the closed mode. Hence the switch does not learn it's MAC address, which is expected.

HTH,

Roopa

Hi, But without 802.1x applied on the port, the MAC @ does not appear too.

And so, with 802.1 x applied on all ports,  i can see some mac @. Only a few are not visible and the configuration  is the same on all the switch

Thanks, Pascool ;-)

When you say without dot1x enabled, can you share the config on that interface. Also can you share the config of the interface where you see the MAC addresses learned and the "show auth sess" also?

Thanks,

Roopa

Hello :

I do not apply the dot1x ont the int fa 1/0/34 :

interface FastEthernet1/0/34
 switchport access vlan 100
 switchport mode access
 authentication periodic
 no snmp trap link-status
 spanning-tree portfast
 spanning-tree bpduguard enable
 ip dhcp snooping limit rate 50
end

SUB-GRA-SW03#sh mac address-table interface fa 1/0/34
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

SUB-GRA-SW03#sh authentication sessions interface fa 1/0/34
No Auth Manager contexts match supplied criteria

=> normal.

SUB-GRA-SW03#sh authentication sessions

Interface  MAC Address     Method   Domain   Status         Session ID
Fa1/0/22   (unknown)       N/A      DATA     Authz Success  0A060AFB0005BD7CAF6A3201
Fa1/0/29   (unknown)       N/A      DATA     Authz Success  0A060AFB0005BE5ABDD2D5E0
Fa1/0/15   6c62.6d87.6a6a  dot1x    DATA     Authz Success  0A060AFB000445E1CC3D0C4D
Fa1/0/7    000b.ab21.3828  mab      DATA     Authz Success  0A060AFB0005BC7AA41F0092
Fa1/0/17   d4be.d94f.a0b3  dot1x    DATA     Authz Success  0A060AFB0005BE55BD7FE119
Fa1/0/10   28d2.444c.ad81  dot1x    DATA     Authz Success  0A060AFB0005BE39BCFCCE1C
Fa1/0/43   28d2.445e.86ab  dot1x    DATA     Authz Success  0A060AFB0005BE4EBD6A9385
Fa1/0/46   28d2.4451.4371  dot1x    DATA     Authz Success  0A060AFB0005BE5FBE11F4DB
Fa1/0/47   38ea.a708.1d29  mab      DATA     Authz Success  0A060AFB0005BC0E9F886DCE
Fa1/0/25   f8b1.56aa.186d  dot1x    DATA     Authz Success  0A060AFB0005BE27BCDF0257
Fa1/0/39   0020.6b7a.502d  mab      DATA     Authz Success  0A060AFB0005BE59BDCFF340
Fa1/0/11   8851.fb4d.13b2  dot1x    DATA     Authz Success  0A060AFB0005BE2DBCF8F987
Fa1/0/21   28d2.444c.ac17  dot1x    DATA     Authz Success  0A060AFB0005BE2ABCF538C5
Fa1/0/16   f8b1.56aa.c11c  dot1x    DATA     Authz Success  0A060AFB0005BE36BCFBCDB3
Fa1/0/18   0000.aaa6.5fb5  mab      DATA     Authz Success  0A060AFB0005B7F59F6AD983
Fa1/0/23   0000.74ca.6691  mab      DATA     Authz Success  0A060AFB0005BB1F9F7939C0

 * The conf on an interface with dot1x and where MAC @ is learn.

SUB-GRA-SW03#sh authentication sessions interface fa 1/0/15
            Interface:  FastEthernet1/0/15
          MAC Address:  6c62.6d87.6a6a
           IP Address:  10.6.100.27
            User-Name:  host/GRATH-SEC01.eu.edfencorp.net
               Status:  Authz Success
               Domain:  DATA
      Security Policy:  Should Secure
      Security Status:  Unsecure
       Oper host mode:  multi-domain
     Oper control dir:  both
        Authorized By:  Authentication Server
          Vlan Policy:  N/A
      Session timeout:  3600s (local), Remaining: 1572s
       Timeout action:  Reauthenticate
         Idle timeout:  N/A
    Common Session ID:  0A060AFB000445E1CC3D0C4D
      Acct Session ID:  0x000445EF
               Handle:  0x9000080A

Runnable methods list:
       Method   State
       dot1x    Authc Success

*  The conf on the interface with dot1x but with the MAC @ empty :

SUB-GRA-SW03#sh authentication sessions interface fa 1/0/22
            Interface:  FastEthernet1/0/22
          MAC Address:  Unknown
           IP Address:  Unknown
            User-Name:  UNRESPONSIVE
               Status:  Authz Success
               Domain:  DATA
      Security Policy:  Should Secure
      Security Status:  Unsecure
       Oper host mode:  multi-host
     Oper control dir:  both
        Authorized By:  Guest Vlan
          Vlan Policy:  100
      Session timeout:  N/A
         Idle timeout:  N/A
    Common Session ID:  0A060AFB0005BD7CAF6A3201
      Acct Session ID:  0x0005BDA3
               Handle:  0x11000339

Runnable methods list:
       Method   State
       dot1x    Failed over

Review Cisco Networking for a $25 gift card