02-10-2016 02:37 PM - edited 03-08-2019 04:33 AM
Hello,
I have a situation I am trying to figure out where devices plugged into switchports will show as empty when I run a sho mac ad int xx.
For example:
SWITCH#show mac ad int f0/5
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
I place a port ACL on my interfaces for security purposes and let RADIUS authenticate and move devices around based on policy. When I remove the port ACL the MAC address for the device shows up within a few seconds. I have a certain type of device that I can replicate this behavior with very consistently, but it doesn't happen very often with most devices.
For example:
SWITCH#show mac ad int f0/5
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
75 ####.####.3f02 STATIC Fa0/5
Total Mac Addresses for this criterion: 1
! Extended IP ACL that denies all IPv4 traffic, applied inbound as a port ACL on f0/5
ip access-list extended ACL_DENY
 deny ip any any
exit
int f0/5
 ip access-group ACL_DENY in
I did a bunch of reading and came across MAC address ACLs and thought that maybe creating an explicit allow MAC ACL would do the trick. Sadly, it doesn't appear to have done the trick and now I am turning to you guys to see if you have any ideas or experience with this situation.
! MAC ACL that permits every source/destination pair, applied inbound on the same port
mac access-list extended ALLOW_ALL_MAC
 permit any any
exit
int f0/5
 mac access-group ALLOW_ALL_MAC in
I have been able to replicate this on 2960, 2960c, 3560x, 3750x and 3850 on 12.x and 15.x IOS. It doesn't seem to be related to a switch model or software version.
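As an added example (not from the thread or the poster), a small Python helper that parses the show mac address-table interface output format shown above together with a show running-config interface excerpt, and flags a port that carries an inbound port ACL but has no learned MAC; the sample captures, the interface config and the MAC value are constructed.

```python
import re

# Constructed sample outputs modelled on the thread's two captures; the MAC is made up.
MAC_TABLE_EMPTY = """\
SWITCH#show mac ad int f0/5
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
"""

MAC_TABLE_ONE = """\
SWITCH#show mac ad int f0/5
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  75    0011.2233.3f02    STATIC      Fa0/5
Total Mac Addresses for this criterion: 1
"""

# Constructed 'show running-config interface f0/5' excerpt using the thread's PACL name.
IF_CONFIG = """\
interface FastEthernet0/5
 switchport mode access
 ip access-group ACL_DENY in
end
"""

# One table row: VLAN, dotted-hex MAC, type (STATIC/DYNAMIC), port.
MAC_ROW = re.compile(r"^\s*(\d+)\s+([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+(\S+)\s+(\S+)\s*$")
# Inbound IP or MAC port ACL line in interface config.
PACL = re.compile(r"^\s*(ip|mac) access-group (\S+) in\s*$", re.M)

def parse_mac_table(text):
    """Return learned entries as (vlan, mac, type, port); header/footer lines are skipped."""
    return [(int(m[1]), m[2].lower(), m[3], m[4])
            for line in text.splitlines() if (m := MAC_ROW.match(line))]

def inbound_pacls(text):
    """Return (kind, name) for each inbound port ACL in an interface config excerpt."""
    return PACL.findall(text)

def diagnose(mac_table_text, if_config_text):
    """Flag the symptom described in the thread: PACL applied inbound, nothing learned."""
    entries, pacls = parse_mac_table(mac_table_text), inbound_pacls(if_config_text)
    if not entries and pacls:
        return "suspect: inbound PACL %s present and no MAC learned" % ", ".join(n for _, n in pacls)
    return "ok: %d MAC(s) learned" % len(entries) if entries else "no MAC learned, no inbound PACL"
```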
02-12-2016 01:22 AM
Wouldn't 802.1x solve all of your problems in one go?
02-12-2016 08:53 AM
No.