
C9200 MAC address persistence with MAB and VoIP

renard sebast
Level 1

Hello,

I have a C9200 switch with MAB and VLAN assignment. On the user ports it has IP phones, and the PCs are connected to these phones.

When I disconnect a PC, its MAC address still appears in the MAC address table for that port.
Of course, if I shut down a port or if I disconnect the phone, all MAC addresses are cleared for that port.
How can I make the MAC address refresh automatically when I disconnect a PC?
 
interface GigabitEthernet1/0/1
switchport mode access
switchport voice vlan 999
authentication host-mode multi-auth
authentication port-control auto
authentication periodic
authentication timer reauthenticate 7200
authentication violation protect
mab
dot1x pae authenticator
dot1x timeout quiet-period 2
dot1x timeout tx-period 3
spanning-tree portfast
 
Thank you in advance for your help
6 Replies

This feature is supported by a CDP enhancement, which makes the IP phone send a CDP announcement to the SW when the port the PC is connected to goes down.
I think the 9300 is new and supports this feature, but if the IP phone does not support it then you need reauth, which makes the SW ask the PC to reauthenticate; the PC does not reply and the SW removes the MAC from the table.

NOTE: check why the client OS does not send a logoff to the SW; this also helps in this case.


Hello,

As far as I recall, MAB is often used in conjunction with port security and sticky MAC addresses. Is that an option for you?

You can set the timeout value to a lower value:

! Replace with the actual interface of the switch
interface GigabitEthernet1/0/1
! Set the maximum number of secure MAC addresses
switchport port-security maximum 2
! Set the MAC address aging time in minutes
switchport port-security aging time 2
! Set the violation action (restrict, protect, shutdown)
switchport port-security violation restrict
switchport port-security
switchport port-security mac-address sticky
switchport mode access

renard sebast
Level 1
Thanks for the replies.
My IP phones are not Cisco phones. They are Mitel phones and they use LLDP.
I have a similar configuration with Dell switches and the same phones; it works without problems with LLDP.
 
I will try Georg's solution as soon as I can.
 

Can you check the LLDP TLV used by the other vendor and the one used by the SW?

There is a TLV that does the same as the CDP enhancement.

MHM

renard sebast
Level 1

Hello, thanks for the reply,

Sorry, I'm a bit lost with the LLDP protocol.

On my Dell N2200 switch I have:

show lldp interface gigabitethernet 1/0/1

LLDP Interface Configuration

Interface Link   Transmit Receive  Notify   TLVs
--------- ------ -------- -------- -------- -------------
Gi1/0/1   Up     Enabled  Enabled  Disabled 0,1

TLV Codes: 0- Port Description, 1- System Name, 2- System Description
           3- System Capabilities, 4- Port VLAN, 5- Management Address

 

On my C9200:

show lldp interface gigabitEthernet 1/0/1

GigabitEthernet1/0/1:
Tx: enabled
Rx: enabled
Tx state: IDLE
Rx state: WAIT FOR FRAME

I'm not sure I have the right information on my Cisco switch. I don't see any active TLV.

But if I understand correctly, I had to turn on the TLVs "Port Description" and "System Name" in conf t.
 

Can you add the TLVs below under ONE port (not in global mode) and check?

TLV Codes:
0- Port Description,
1- System Name,
2- System Description
3- System Capabilities,
4- Port VLAN,
5- Management Address

I checked LLDP but I couldn't find which TLV is used to inform the SW that the PC port is disconnected.

Thanks 

MHM
