Interfaces holding MAC addresses

GlennOddie3166
Level 1

Hi, every few weeks I'm notified of an issue where a client physically moves, gets an IP but has no connectivity. I trace the client's MAC to discover it associated with a switch port it is not connected to. I shut/no shut the port, the MAC then comes up on the expected port and all is well. I believe before the client moves, the common theme seems to be it is connected via an unmanaged switch. Any thoughts on why I'm seeing this behavior? See below example port config:

switchport access vlan 122
switchport mode access
switchport voice vlan 55
device-tracking attach-policy ISE-IPDT
ip access-group pre_auth in
authentication timer reauthenticate server
access-session control-direction in
access-session port-control auto
mab
dot1x pae authenticator
storm-control broadcast level 10.00
storm-control multicast level 10.00
auto qos trust dscp
spanning-tree portfast
service-policy type control subscriber ISE-POLICY
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
ip nbar protocol-discovery

1 Reply

Giuseppe Larosa
Hall of Fame

Hello @GlennOddie3166 ,

You have configured device-tracking, 802.1X and MAB together.

My guess is that there is an issue in the interaction of these features that makes these MAC addresses behave like a sticky MAC address in port security (just an analogy).

I would try removing device-tracking on a group of access ports and testing on them to see whether the behavior changes without device tracking.

Hope to help

Giuseppe

 
