04-06-2017 12:27 AM - edited 03-08-2019 10:05 AM
Hello experts,
I need your help to understand the MAC table output of a Cisco WS-C6509-E switch. I was trying to trace the L2 path from this switch to the IP 10.64.130.20, which is the next L3 hop.
I pinged the IP from my 6509 switch and checked the ARP. From the ARP table I got the MAC address of the IP and tried to search for that MAC in my MAC table, and I saw this...
6509#ping 10.64.130.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.64.130.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
6509#sh ip arp 10.64.130.20
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.64.130.20 0 ecf4.bb48.3ed0 ARPA Vlan100
6509#sh mac add add ecf4.bb48.3ed0
Legend: * - primary entry
age - seconds since last seen
n/a - not available
vlan mac address type learn age ports
------+----------------+--------+-----+----------+--------------------------
No entries present.
6509#sh mac add | i ecf4.bb48.3ed0
100 ecf4.bb48.3ed0 static Yes - Fa3/27
The first command did not show any entry for that particular MAC address, but the second one using the pipe symbol did. I then assumed that maybe the first command I used won't show static MAC table entries. But why is this entry being marked as static? We haven't put any static port-MAC mapping in the switch config. We have configured the port Fa3/27 with dot1x authentication, but I see other ports in the same switch with the same configuration that have marked the MAC address of the connected system as dynamically learned, as shown below.
smelb241#sh mac add add 0020.8201.3a72
Legend: * - primary entry
age - seconds since last seen
n/a - not available
vlan mac address type learn age ports
------+----------------+--------+-----+----------+--------------------------
Active Supervisor:
* 100 0020.8201.3a72 dynamic Yes 60 Fa2/47
interface FastEthernet3/27
switchport
switchport access vlan 100
switchport mode access
switchport nonegotiate
switchport voice vlan 140
ip access-group PRE-AUTH-ACL in
load-interval 30
authentication event fail action next-method
authentication event server dead action reinitialize vlan 100
authentication event server dead action authorize voice
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
wrr-queue bandwidth 30 70
wrr-queue queue-limit 30 70
wrr-queue threshold 1 40 100
wrr-queue cos-map 1 1 1
wrr-queue cos-map 1 2 0
wrr-queue cos-map 2 1 2 3 4 6 7
wrr-queue cos-map 2 2 5
no snmp trap link-status
dot1x pae authenticator
dot1x timeout server-timeout 30
dot1x timeout tx-period 3
dot1x max-req 3
spanning-tree portfast edge
spanning-tree guard root
service-policy input User-Access-QoS-Policy
ip dhcp snooping limit rate 15
end
interface FastEthernet2/47
switchport
switchport access vlan 100
switchport mode access
switchport nonegotiate
switchport voice vlan 140
ip access-group PRE-AUTH-ACL in
load-interval 30
authentication event fail action next-method
authentication event server dead action reinitialize vlan 100
authentication event server dead action authorize voice
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
wrr-queue bandwidth 30 70
wrr-queue queue-limit 30 70
wrr-queue threshold 1 40 100
wrr-queue cos-map 1 1 1
wrr-queue cos-map 1 2 0
wrr-queue cos-map 2 1 2 3 4 6 7
wrr-queue cos-map 2 2 5
no snmp trap link-status
dot1x pae authenticator
dot1x timeout server-timeout 30
dot1x timeout tx-period 3
dot1x max-req 3
spanning-tree portfast edge
spanning-tree guard root
service-policy input User-Access-QoS-Policy
ip dhcp snooping limit rate 15
end
Does anybody know why the MAC address learnt on port Fa3/27 is being listed as static and doesn't show up in the sh mac add add ecf4.bb48.3ed0 command output, while the MAC address learnt on Fa2/47 is being listed as dynamic?
04-06-2017 10:37 AM
Hello!
Is it a strange behavior, have you ever had Port Security configured on that port? Have you tried "deleting" the static entry even though it was not configured by you?
Regards,
04-10-2017 11:11 PM
Hi, I tried clearing the entry but the result remains the same.
6509#clear mac address-table ?
dynamic dynamic entry type
6509#clear mac address-table dynamic int Fa3/27 vlan 140
MAC entries cleared.
6509#sh mac address-table | i 9caf.ca85.78bc
140 9caf.ca85.78bc static Yes - Fa3/27
6509#clear mac address-table dynamic address 9caf.ca85.78bc
MAC entries cleared.
6509#sh mac address-table | i 9caf.ca85.78bc
140 9caf.ca85.78bc static Yes - Fa3/27
04-11-2017 01:26 AM
What does "sh run | i 9caf.ca85.78bc" output?
04-27-2017 10:17 PM
Hi guys,
>> I cleared that mac table entry and also cleared the ARP for that host IP address but it came up again as static.
6509#clear mac address-table ?
dynamic dynamic entry type
6509#clear mac address-table dynamic int Fa3/27
MAC entries cleared.
6509#clear ip arp 172.28.107.101
6509#
6509#sh mac address-table | i 9caf.ca85.78bc
140 9caf.ca85.78bc static Yes - Fa3/27
6509#
6509#sh run | i 9caf.ca85.78bc
6509#
>> Also I am wondering why there is a difference in the below 2 command outputs:
6509#sh mac address-table add 9caf.ca85.78bc
Legend: * - primary entry
age - seconds since last seen
n/a - not available
vlan mac address type learn age ports
------+----------------+--------+-----+----------+--------------------------
No entries present.
6509#sh mac address-table | i 9caf.ca85.78bc
140 9caf.ca85.78bc static Yes - Fa3/27
6509#
6509#
>> I am totally confused by this behaviour of the switch, which contradicts what I learned as switching basics in CCNA.
04-11-2017 06:51 AM
No, I mean to use this command:
(config)#no mac-address-table static xxxx.xxxx.xxxx and after this one: clear arp {ip_addr}
---Do not forget to rate useful post---
Regards,
04-11-2017 08:48 AM
I'd been reviewing the MAC address table on one of my access switches when I saw this:
SW-RCNQSTA-S11#show cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
*RECO*_AP_Piso_1_Der
Fas 0/37 166 T AIR-LAP11 Fas 0
*RECO*_AP_Piso_1_Izq
Fas 0/48 121 T AIR-LAP11 Fas 0
SW-CoreL2.tparg.com
Gig 0/1 168 R S I WS-C4507R Gig 2/14
SW-RCNQSTA-S11#show mac address-table int Fa0/37
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
801 001d.e554.bd68 STATIC Fa0/37
Total Mac Addresses for this criterion: 1
SW-RCNQSTA-S11#show mac address-table int Fa0/48
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
801 68ef.bdcb.283e DYNAMIC Fa0/48
Total Mac Addresses for this criterion: 1
Both MAC addresses are from Access Points that are directly connected to my switch, but it learned one as STATIC and the other as DYNAMIC. I think that a switch only marks an address as "DYNAMIC" if an ARP process happens (due to an unknown unicast), but if your device sends a packet first, the switch learns this MAC address as "directly connected" and marks it as "static".
---Do not forget to rate useful post---
Regards,
04-06-2017 10:40 AM
Check if other ports are behaving the same way with 'show mac address-table static', excluding CPU ports. If it's only one certain port, then try to bounce it and clear the ARP/MAC address only for that certain port. Otherwise, if it's multiple ports along with syslog error messages, then you might need to clear the entire MAC table during a maintenance window. A reload of the switch or a code upgrade might be required if your code is behind the recommended version. I hope this helps and good luck!
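The two checks suggested in the replies above (listing the static entries, and `sh run | i <mac>` to see whether one was ever configured) can be combined offline over saved command output. This is an added example, not part of any post in the thread; the function names are hypothetical, and the last table row and the configuration sample are constructed.

```python
import re

# One MAC table row, with or without the leading "*" (the "| i" output in the thread has none).
ROW = re.compile(
    r"^\s*\*?\s*(?P<vlan>\d+)\s+(?P<mac>[0-9a-f]{4}(?:\.[0-9a-f]{4}){2})\s+"
    r"(?P<type>static|dynamic)\s+(?P<learn>\S+)\s+(?P<age>\S+)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE)
# A configured static entry, in "mac-address-table" or "mac address-table" syntax.
CFG = re.compile(
    r"^\s*mac[ -]address-table\s+static\s+(?P<mac>[0-9a-f]{4}(?:\.[0-9a-f]{4}){2})"
    r"\s+vlan\s+(?P<vlan>\d+)", re.IGNORECASE)

def parse_mac_table(text):
    """Return a dict per table row; legend, header and prompt lines do not match."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row["mac"], row["type"] = row["mac"].lower(), row["type"].lower()
            rows.append(row)
    return rows

def configured_static(running_config):
    """(vlan, mac) pairs that are pinned by a line in the configuration."""
    found = (CFG.match(line) for line in running_config.splitlines())
    return {(m["vlan"], m["mac"].lower()) for m in found if m}

def unexplained_static(table_text, running_config):
    """Static rows that have no matching static line in the configuration."""
    pinned = configured_static(running_config)
    return [r for r in parse_mac_table(table_text)
            if r["type"] == "static" and (r["vlan"], r["mac"]) not in pinned]

# The first three rows are from the thread; the last row and the config are constructed.
SAMPLE_TABLE = """\
vlan mac address type learn age ports
------+----------------+--------+-----+----------+--------------------------
100 ecf4.bb48.3ed0 static Yes - Fa3/27
140 9caf.ca85.78bc static Yes - Fa3/27
* 100 0020.8201.3a72 dynamic Yes 60 Fa2/47
* 100 0000.5e00.5301 static No - Fa1/1
"""
SAMPLE_CONFIG = """\
mac address-table static 0000.5e00.5301 vlan 100 interface FastEthernet1/1
interface FastEthernet3/27
 authentication port-control auto
"""

if __name__ == "__main__":
    for r in unexplained_static(SAMPLE_TABLE, SAMPLE_CONFIG):
        print(f"vlan {r['vlan']} {r['mac']} on {r['port']}: static, not in config")
```

Run against the full `show mac address-table` output and the running configuration of the switch, it lists every static entry that did not come from a configured `mac address-table static` line, grouped by nothing more than the port column shown in the table.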