Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2330
Views
0
Helpful
1
Replies

Mac Address Dynamic vs Static

dcanady55
Level 3
Level 3

‎12-18-2015 06:58 AM - edited ‎03-08-2019 03:09 AM

Hello,

I read a few posts concerning this topic but it's not clear from my end and was hoping to clear this up.

I have several 2960X switches and I have two vlans a voice and data. When I look at the command "show mac address-table" I see entries static and dynamic on both devices in the data vlan and voice vlan. We don't statically assign any mac addresses so I don't understand why the switch reports it that way? I also don't understand why I look at the mac address of a specific port that has a phone and pc tied to the port. Note they are IP phones and the PC hangs off the phone and it will sometime show the pc being in the data vlan which is correct but then it will show the phone also in the data vlan. When I double check the configuration on that port it's  setup correct to the best of my knowledge anyway. Then I have also seen the same scenario as I just mentioned but the mac address for the phone will appear in the voice vlan as well so there is PC in data and phone in data and phone in voice. How is this possible? See below for output 

thanks for any help!

200 0800.0f26.4db7 STATIC Gi1/0/10
200 0800.0f27.25e3 STATIC Gi1/0/14
200 0800.0f27.3bc1 DYNAMIC Gi1/0/47
200 0800.0f2a.24e0 DYNAMIC Gi1/0/2

100 0023.2487.b826 STATIC Gi1/0/22
100 0023.2487.b83f STATIC Gi1/0/14
100 0025.649f.2abd DYNAMIC Gi1/0/35

Vlan Mac Address Type Ports
---- ----------- -------- -----
100 0023.249c.2930 DYNAMIC Gi1/0/3
100 0800.0f9b.af68 STATIC Gi1/0/3............makes no sense as it's a phone tied to vlan 200

interface GigabitEthernet1/0/3
description ***Wall Jack 3***
switchport access vlan 100
switchport mode access
switchport voice vlan 200
load-interval 30
authentication host-mode multi-host
authentication port-control auto
authentication violation protect
no snmp trap link-status
dot1x pae authenticator
storm-control broadcast level 20.00 15.00
storm-control action trap
no cdp enable
spanning-tree portfast
spanning-tree bpduguard enable

2 people had this problem
Labels:
0 Helpful
1 Reply 1

Joshua Schroth
Level 1
Level 1

‎04-15-2020 09:22 AM

It would be nice if you could get some feedback from the community because we have a similar issue and ISE will not authenticate any Polycom Phones that show their MAC Address in the Data VLAN (21) AND Voice VLAN (22) on a switchport. When the MAC Address table for a port only shows the PC in the Data VLAN, and the phone in the Voice VLAN, then ISE has no problem authenticating both.

 

The strangest part is that I can move the exact same phone to different switch ports within the 3850 Switch Stack, and the behavior is different. Having this issue on a 3850 Switch Stack on Denali 16.3.7 and a 3850 Switch Stack on 3.6.10. Also notice that the port that shows the phone in both VLANS also has the Type "DYNAMIC" where the port has the phone only in the Voice VLAN and type "STATIC" which I don't understand. We do not have any mac addresses statically defined on the switches.

 

Here's an example with the same Polycom Phone:

#show mac address-table int g2/0/3
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
21 0004.f2aa.1111 DYNAMIC Gi2/0/3 < - polycom phone
21 a4bb.6d10.5555 DYNAMIC Gi2/0/3 < - PC
22 0004.f2aa.1111 DYNAMIC Gi2/0/3 < - polycom phone

 

#show auth ses int g2/0/3 
Interface MAC Address Method Domain Status Fg Session ID
--------------------------------------------------------------------------------------------
Gi2/0/3 a4bb.6d10.5555 dot1x DATA Auth 0A67FE04000004FE7E292422
Gi2/0/3 0004.f2aa.1111 N/A UNKNOWN Unauth 0A67FE04000004FF7E292D25

 

 

 

#show mac address-table int g2/0/4
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
21 a4bb.6d10.5555 DYNAMIC Gi2/0/3 < - PC
22 0004.f2aa.1111 DYNAMIC Gi2/0/3 < - polycom phone

 

#show auth sess int g2/0/4
Interface MAC Address Method Domain Status Fg Session ID
--------------------------------------------------------------------------------------------
Gi2/0/4 0004.f2aa.1111 mab VOICE Auth 0A67FE04000005157E498D21
Gi2/0/4 a4bb.6d10.5555 dot1x DATA Auth 0A67FE04000005147E494A26

 

Scratching my head on this one. Any help would greatly be appreciated!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card