C3850 is blocking certain MAC Address

kfmit-kade · ‎06-03-2015

Hello I'm new in Forum,

my problem ist I have any MAC or IP ACLs on the switch and the client was working since several months.

Suddenly is the client not able to connect the C3850 switch.

Have been started Linux and Windows, same error.

I have tested with "no name" Switch. Everything works fine.

Markus Benz · ‎06-03-2015

Hi,

what do you mean by the client is not able to connect to the switch?
You mean connected hosts are not switched anymore?

How does the config look like? Any log entries?

It is impossible to answer your question with the provided details.
Could you add some more info?

Regards,
Markus

kfmit-kade · ‎06-03-2015

Hi,

thanks for your answer,

No this is not a global impact. The switch is switching all connected devices, except for the one PC.

So I suppose the switch locks this one MAC adress. IP routing is enabled on the switch and several vlans are configured.

I use it as default gateway, but the affected directly connected PC cant ping the IP address configured for its vlan

Do you need the whole config or only certain areas?

Logging says nothing relevant for this error.

Sorry for my english.

Regards

Andreas

Markus Benz · ‎06-03-2015

Thanks for the additional info.. Your english is good as well.

That sounds strange to me.
Duplicate MAC or IP address would maybe explain it.
(To be sure it is not a duplicate MAC problem, you could try to put this PC into a different VLAN on the same switch and see if it works)

If I understand you correctly, all PC's are fine, but this one is not even able to ping it's default gateway? And if you connect it, there is no log message?
Is the port up or down if you connect the PC?

How do you assign IP addresses to the PC's, by DHCP or statically?

Do you see any log message or the like on the PC, when you connect it?

kfmit-kade · ‎06-04-2015

I changed (spoofed) the MAC address for affected PCs NIC.

Afterwards everything works fine.

The NIC gets DHCP adress and can ping default gateway.

I have no idea what that mean???????

Markus Benz · ‎06-04-2015

I can only make an assumption based on the info I have.

Most probably you have a duplicate MAC address in your network.
By changing this MAC address you solved the problem.

Regards,
Markus

kfmit-kade · ‎06-04-2015

This is a work around but not a solution for me.

There is no entry for the original MAC I checked this

show arp dynamic detail | inc 0019.99xx.xxxx

For the new MAC yes

show arp dynamic detail | inc 0019.99xx.xxxy

Encap type is ARPA, hardware address is 0019.99xx.xxxy, 6 bytes long.

Markus Benz · ‎06-04-2015

There is no feature in Cisco switches that automatically blocks MAC addresses.

So if it is not a duplicate, I cannot explain why it is blocked.
If there is a problem, you should see something in the Log.

I recommend you go back to the original MAC and try again.

Please check and priovide arp and mac-address tables if the original MAC is connected.

Ralph Laemmermeyer · ‎06-15-2016

I have the same issue with a 3850 Stack (3.06.4E). Suddenly a PC is blocked by the switch. it is only on VLan 1

1. the PC do not receive an IP-Address from DHCP
2. I checked all Switches in the network regarding the MAC address. No Switch have an entry for that PC in the MAC address table.
3. If I assign a static IP to the PC of the VLAN 1 Network I can ping the PC from the Stack but not from another.
4.If I assign a static IP to the PC from VLAN 1 network, I can ping from PC the Stack but not any other device in the network.
5. If I configure another VLan than the native like Voice on the connected port, the PC can reach every device in the network. I tried different ports on the Stackalwasy same behaviour.
6. If i connect the PC to another switch in the network it will work without any issues.
7. If I change the MAC address of the affected NIC on the PC, it is working with VLan 1 again without any issues.
8. The PC was working for 9 month on this Stack without any issue.
9. I cleared arp mac etc. nothing helped.

Thanks.

Ralf