Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3533
Views
20
Helpful
7
Replies

Show MAC table output query Cisco 6509

Pradeep H A
Level 1
Level 1

‎04-06-2017 12:27 AM - edited ‎03-08-2019 10:05 AM

Hello experts,

I need you help to understand the MAC table output of a cisco WS-C6509-E switch. I was trying to trace the L2 path from this switch to the IP 10.64.130.20 which is the next L3 hop

I pinged the IP from my 6509 switch & checked the ARP. From ARP tabe I got the MAC address of the IP & tried to search for that MAC in my MAC table and I saw this...

6509#ping  10.64.130.20

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.64.130.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

6509#sh ip arp 10.64.130.20
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.64.130.20            0   ecf4.bb48.3ed0  ARPA   Vlan100

6509#sh mac add add ecf4.bb48.3ed0
Legend: * - primary entry
        age - seconds since last seen
        n/a - not available

  vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
No entries present.


6509#sh mac add | i ecf4.bb48.3ed0
   100  ecf4.bb48.3ed0    static  Yes          -   Fa3/27

The first command did not show any entry for that particular MAC address. But the second one using the pipe symbol did. I then assumed may be the first command I used wont show static mac table entries. But why is this entry being marked as static? we havent put any static port-MAC mapping in the switch config. We have configured the port Fa3/27 with dot1x authentication but I see other ports in the same switch with same configuration that have marked the MAC address of connected system as dynamically learned as shown below.


smelb241#sh mac add add 0020.8201.3a72
Legend: * - primary entry
        age - seconds since last seen
        n/a - not available

  vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
Active Supervisor:
*  100  0020.8201.3a72   dynamic  Yes         60   Fa2/47


interface FastEthernet3/27
 switchport
 switchport access vlan 100
 switchport mode access
 switchport nonegotiate
 switchport voice vlan 140
 ip access-group PRE-AUTH-ACL in
 load-interval 30
 authentication event fail action next-method
 authentication event server dead action reinitialize vlan 100
 authentication event server dead action authorize voice
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication violation restrict
 mab
 wrr-queue bandwidth 30 70
 wrr-queue queue-limit 30 70
 wrr-queue threshold 1 40 100
 wrr-queue cos-map 1 1 1
 wrr-queue cos-map 1 2 0
 wrr-queue cos-map 2 1 2 3 4 6 7
 wrr-queue cos-map 2 2 5
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout server-timeout 30
 dot1x timeout tx-period 3
 dot1x max-req 3
 spanning-tree portfast edge
 spanning-tree guard root
 service-policy input User-Access-QoS-Policy
 ip dhcp snooping limit rate 15
end

interface FastEthernet2/47
 switchport
 switchport access vlan 100
 switchport mode access
 switchport nonegotiate
 switchport voice vlan 140
 ip access-group PRE-AUTH-ACL in
 load-interval 30
 authentication event fail action next-method
 authentication event server dead action reinitialize vlan 100
 authentication event server dead action authorize voice
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication violation restrict
 mab
 wrr-queue bandwidth 30 70
 wrr-queue queue-limit 30 70
 wrr-queue threshold 1 40 100
 wrr-queue cos-map 1 1 1
 wrr-queue cos-map 1 2 0
 wrr-queue cos-map 2 1 2 3 4 6 7
 wrr-queue cos-map 2 2 5
 no snmp trap link-status
 dot1x pae authenticator
 dot1x timeout server-timeout 30
 dot1x timeout tx-period 3
 dot1x max-req 3
 spanning-tree portfast edge
 spanning-tree guard root
 service-policy input User-Access-QoS-Policy
 ip dhcp snooping limit rate 15
end


Anybody knows why the MAC address learnt on port Fa3/27 is being listed as static and doesnt show up in sh mac add add ecf4.bb48.3ed0 command output while the MAC address learnt on Fa2/47 is being listed as dynamic?

Labels:
0 Helpful
7 Replies 7

Diana Karolina Rojas
Cisco Employee
Cisco Employee

‎04-06-2017 10:37 AM

Hello!

Is it a strange behavior, have you ever had Port Security configured on that port? Have you tried "deleting" the static entry even though it was not configured by you?

Regards,

Pradeep H A
Level 1
Level 1
In response to Diana Karolina Rojas

‎04-10-2017 11:11 PM

Hi tried clearing the entry but the result remains same

6509#clear mac address-table ?
  dynamic  dynamic entry type

6509#clear mac address-table dynamic int Fa3/27 vlan 140
MAC entries cleared.

6509#sh mac address-table | i 9caf.ca85.78bc
   140  9caf.ca85.78bc    static  Yes          -   Fa3/27

6509#clear mac address-table dynamic address 9caf.ca85.78bc
MAC entries cleared.

6509#sh mac address-table | i 9caf.ca85.78bc
   140  9caf.ca85.78bc    static  Yes          -   Fa3/27

0 Helpful

Iulian Vaideanu
Level 4
Level 4
In response to Pradeep H A

‎04-11-2017 01:26 AM

What does "sh run | i 9caf.ca85.78bc" output?

Pradeep H A
Level 1
Level 1
In response to Iulian Vaideanu

‎04-27-2017 10:17 PM

Hi guys,

>> I cleared that mac table entry and also cleared the ARP for that host IP address but it came up again as static.

6509#clear mac address-table ?
  dynamic  dynamic entry type

6509#clear mac address-table dynamic int Fa3/27
MAC entries cleared.

6509#clear ip arp 172.28.107.101
6509#

6509#sh mac address-table | i 9caf.ca85.78bc
   140  9caf.ca85.78bc    static  Yes          -   Fa3/27
6509#
6509#sh run | i 9caf.ca85.78bc
6509#

>> Also I am wondering why there is a difference in the below 2 command outputs:

6509#sh mac address-table add 9caf.ca85.78bc
Legend: * - primary entry
        age - seconds since last seen
        n/a - not available

  vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
No entries present.

6509#sh mac address-table | i 9caf.ca85.78bc
   140  9caf.ca85.78bc    static  Yes          -   Fa3/27
6509#
6509#

>> I am totally confused by these behaviour of the switch which is contradicting what I learned as switching basics in CCNA

0 Helpful

Diana Karolina Rojas
Cisco Employee
Cisco Employee
In response to Pradeep H A

‎04-11-2017 06:51 AM

No, I mean to use this command:

(config)#no mac-address-table static xxxx.xxxx.xxxx and after this one: clear arp {ip_addr} 

---Do not forget to rate useful post---

Regards,

Diana Karolina Rojas
Cisco Employee
Cisco Employee
In response to Pradeep H A

‎04-11-2017 08:48 AM

I 'd been reviewing the mac-address table in one of my access switches, when I see this:

SW-RCNQSTA-S11#show cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID
*RECO*_AP_Piso_1_Der
Fas 0/37 166 T AIR-LAP11 Fas 0
*RECO*_AP_Piso_1_Izq
Fas 0/48 121 T AIR-LAP11 Fas 0
SW-CoreL2.tparg.com
Gig 0/1 168 R S I WS-C4507R Gig 2/14

SW-RCNQSTA-S11#show mac address-table int Fa0/37
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
801 001d.e554.bd68 STATIC Fa0/37
Total Mac Addresses for this criterion: 1


SW-RCNQSTA-S11#show mac address-table int Fa0/48
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
801 68ef.bdcb.283e DYNAMIC Fa0/48
Total Mac Addresses for this criterion: 1

Both MAC adress are from Access Point that are directly connected to my switch, but It learn one STATIC and the other in DYNAMIC form. I think that a Switch only mark and address as "DYNAMIC" if an arp process happens (due a unkown unicast), but If your device sends a packet first the switch learns this Mac address as "directly connected" and mark it as "static".

---Do not forget to rate useful post---

Regards,

Austin Sabio
Level 4
Level 4

‎04-06-2017 10:40 AM

Check if other ports are behaving same way with 'show mac address-table static' excluding cpu ports. If its only one certain port then try to bounce it, clear arp/mac address only for that certain port. Otherwise, if its multiple ports along with syslog error messages then you might need to clear the entire mac table -during a maintenance window-, A reload to the switch or code upgrade might be required if your code is behind the recommended version. I hope this helps and good luck! 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card