Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1546
Views
5
Helpful
9
Replies

Cisco 9600 Core Switch not learning specific mac address over trunk

kevinasherdoj
Level 1
Level 1

‎10-25-2022 07:45 AM

Hello all,

I've got a puzzling issue with a particular mac address not being learned over a trunk on my core switch that is present on the access switch's tcam table it's connected to, despite other MACs also being learned over the same trunk on the same vlan.

Synopsis: I have a core switch that serves as the router for this location which is a Catalyst 9606 running version IOS XE 16.12.3a with an etherchannel to a Catalyst 9300, 9th floor,  running IOS XE 16.9.1r where I have a voip device connected on a port.  I have the port configured as an access port with a voice and a data vlan assigned, and the vlans are both defined on the access switch, and the device is on port 1/0/23. I have a mirror of this setup on the 8th floor, same Catalyst 9300 running the same version, the only difference is the vlans for the two floors are different.  The problem I have is that the voip device in question is connected to the 9th floor switch, port 1/0/23 and is populated in the 9th floor tcam table, but it does not get populated over the trunk to the core switch's tcam table, which makes it not get an IP, because the core switch is also our DHCP server for these segments.

 

When I move the phone to the 8th floor and change the DHCP reservation to the corresponding subnet for the mac address, the 9th floor phone works on the 8th floor, and the 8th floor phone, when configured in DHCP for the 9th floor, still doesn't get populated to the core switch's tcam table.  This seems to indicate an issue with the etherchannel between the 9th floor and the core switch, BUT, I have other devices on the 9th floor switch on the same vlan that ARE getting populated to the core switch's tcam and getting DHCP addresses from it. I have defaulted the port configuration on the 9th floor switchport and reloaded the config for the port, I have checked that the port itself works with other phones, I've bounced the port, nothing seems to work for this port.

Labels:
0 Helpful
9 Replies 9

David Ruess
VIP
VIP

‎10-25-2022 07:55 AM

Hello,

 

Can you share some configurations of the port the phone was on and the port the phone is moving to?

Also can you share a port configuration of a working phone.? Did you clear the MAC address table of the switches. While that shouldn't be a big issues as it should happen automatically I've run into issues where the MAC thought it was one place when it was in another.

 

-David

 

0 Helpful

kevinasherdoj
Level 1
Level 1
In response to David Ruess

‎10-25-2022 08:16 AM

See below for snippets from the switches.

9th floor switch - current phone location

DC1309W01SA01#show mac address-table | i 1/0/23
909 70b3.d5c2.74ff DYNAMIC Gi1/0/23
DC1309W01SA01#show mac address-table | i 909 (another random phone on the same vlan)
909 0005.a620.c23d DYNAMIC Gi2/0/48

DC1309W01SA01# - trunk port config on 9th floor switch
interface Port-channel115
description LINK TO CORE
switchport mode trunk
ip dhcp relay information trusted
ip dhcp snooping trust
end

DC1309W01SA01# - interface config for port
interface GigabitEthernet1/0/23
switchport access vlan 25
switchport mode access
switchport voice vlan 909
trust device cisco-phone
auto qos voip cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input AutoQos-4.0-CiscoPhone-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
end


DC1309W01SA01#show vlan br

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------

25 VLAN0025 active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/22, Gi1/0/23,
909 voip-9thFLR active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/22, Gi1/0/23,

 

 

Core switch
DC1307A02SC01#show mac address-table | i 0005.a620.c23d (the same random phone)
909 0005.a620.c23d DYNAMIC Po115

DC1307A02SC01#show mac address-table | i 70b3.d5c2.74ff (phone in question)

DC1307A02SC01#show run int po115 (trunk to 9th floor)
Building configuration...

Current configuration : 148 bytes
!
interface Port-channel115
description LINK TO DC1309W01SA01
switchport trunk allowed vlan 1,6,25,99,150,325,700,909
switchport mode trunk
end

 

8th floor switch
DC1308A01SA01# (working phone)
interface GigabitEthernet3/0/5
switchport access vlan 21
switchport mode access
switchport voice vlan 908
trust device cisco-phone
auto qos voip cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input AutoQos-4.0-CiscoPhone-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
end

DC1308A01SA01#show vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
21 NDD active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi3/0/4, Gi3/0/5, Gi3/0/43
908 voip-8thFLR-10.232.103.0/24 active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi3/0/4, Gi3/0/5,

0 Helpful

David Ruess
VIP
VIP
In response to kevinasherdoj

‎10-25-2022 08:30 AM

Your port-cannel config is allowing certain VLANs on one side and ALL on the other. Can you make this the same? (I would allow all to be safe) just to check.

Also clear the mac address table on all 3 switches involved (Core, 8th floor and 9th floor)

0 Helpful

amikat
Level 7
Level 7
In response to kevinasherdoj

‎10-26-2022 01:54 PM

Hi,

Will you please post the show etherchannel detail outputs taken at both ends (ie. Core and Floor9 switches). 

Also at the Core switch can you see any voip mac address sourced from the Floor9 stack-member 1 (ie. Gi1/0/x port) box and if not can you please move the phone to Floor9 stack-member 2 (ie. Gi2/0/x port) and check if there is any change.

Thanks & Regards,

Antonin

0 Helpful

MHM Cisco World
VIP
VIP

‎10-25-2022 08:04 AM

not learn mac two issue 
check STP 
check the port-security table see if mac appear in different port 

0 Helpful

kevinasherdoj
Level 1
Level 1
In response to MHM Cisco World

‎10-25-2022 08:09 AM

Port security is not enabled on the switch, so it's not a port security issue.  When you say check STP, what show commands are you suggesting?

0 Helpful

MHM Cisco World
VIP
VIP
In response to kevinasherdoj

‎10-25-2022 08:14 AM

maxresdefault.jpg

the Learning MAC address come after BLK state of port, so if STP status is BLK then the mac is not learning in port. 
so check STP and check the VLAN the MAC will add to<<- sometimes the VTP or misconfig VLAN also lead to this case. 

0 Helpful

kevinasherdoj
Level 1
Level 1
In response to MHM Cisco World

‎10-25-2022 08:30 AM

it's not a spanning tree issue, because the port the phone is on is an edge port, and there are no switching loops in the network; all access switches connect only to the core switch via a portchannel.  The core is also learning other MACs on the same vlan and same switch that the phone is connected to, so it might be the port itself that is misbehaving, but the port is in FWD state, as well.

MHM Cisco World
VIP
VIP

‎10-26-2022 09:17 AM

Hi Again 


DC1309W01SA01#show mac address-table | i 1/0/23
909 70b3.d5c2.74ff DYNAMIC Gi1/0/23 <<- this port which phone direct connect to SW 
DC1309W01SA01#show mac address-table | i 909 (another random phone on the same vlan) <<-- 909 is the VLAN subnet of phone 
909 0005.a620.c23d DYNAMIC Gi2/0/48

 

If I am right then the ""show mac address-table | i 909""

must display two mac, that indicate that port is assign to different VLAN than 909, am I in right direction ?

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card