07-06-2018 02:18 PM - edited 03-08-2019 03:36 PM
Hello,
we have many interfaces on our access layer switches, each of them are connected with two devices, a phone and a computer and we found each of the interfaces with many mac addresses, some of them even with hundreds. The devices are not servers, only workstations.
these mac addresses are gone when we bounce the ports but eventually come back. and they dont have any entris in the ARP table.
among the mac addresses that are presented we find also the mac address of the interface vlan between them that should be the default gateway of all ports belong this vlan. After shut no shut of the ports all the mac addresses
they disappeared and the situation returned to normal but the same problem occurred in another port in another switch.
any one expereinced this kind of issue?
Besides we have cisco NAC configured but are not forced. dont know whether this can cause the problem or not
NB: I found a similar discussion but without solution.
thank you
07-06-2018 02:26 PM - edited 07-06-2018 02:58 PM
There could be 1 reason i see here, workstation either running some kind of Virtual environment or hyper-V
can you capture the information, and look for MAC vendor look up,
you can implement,
switchport port-security maximum value
BB
07-06-2018 02:40 PM
we checked today and it was a computer without virtual Environment and the ip phone but the problem is the mac address of the svi 800 that shoudn't be there as you can see below:
access switch#show mac address-table interface gig 2/0/33
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
316 001a.e82e.5a04 DYNAMIC Gi2/0/33
800 001a.e82e.5a04 STATIC Gi2/0/33
800 10e7.c66c.3453 STATIC Gi2/0/33
800 a0e0.af03.a540 STATIC Gi2/0/33----> mac add of the svi
07-07-2018 06:51 AM
Hi balaji, The MACs learned are for HP and Unify as the vendor and the SVI one belongs to cisco
07-07-2018 03:58 PM
Can you post your interface config of gig
is this trunk or access port ?
You last conversation says many, but we see here only 4 MAC Address ?
BB
07-08-2018 02:03 AM - edited 07-08-2018 02:04 AM
access port , initially it was 12 MAC addresses then after that PC switched off it decreases to this value
interface GigabitEthernet2/0/33
switchport access vlan 800
switchport mode access
switchport voice vlan 316
no logging event link-status
authentication host-mode multi-auth
authentication open
authentication port-control auto
authentication violation restrict
mab
snmp trap mac-notification change added
snmp trap mac-notification change removed
no snmp trap link-status
dot1x pae authenticator
dot1x timeout tx-period 10
storm-control broadcast level 10.00
storm-control action shutdown
no cdp enable
spanning-tree portfast
spanning-tree bpduguard enable
end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide