04-06-2017 12:27 AM - edited 03-08-2019 10:05 AM
Hello experts,
I need your help to understand the MAC table output of a Cisco WS-C6509-E switch. I was trying to trace the L2 path from this switch to the IP 10.64.130.20, which is the next L3 hop.
I pinged the IP from my 6509 switch & checked the ARP. From the ARP table I got the MAC address of the IP & tried to search for that MAC in my MAC table, and I saw this...
6509#ping 10.64.130.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.64.130.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
6509#sh ip arp 10.64.130.20
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.64.130.20 0 ecf4.bb48.3ed0 ARPA Vlan100
6509#sh mac add add ecf4.bb48.3ed0
Legend: * - primary entry
age - seconds since last seen
n/a - not available
vlan mac address type learn age ports
------+----------------+--------+-----+----------+--------------------------
No entries present.
6509#sh mac add | i ecf4.bb48.3ed0
100 ecf4.bb48.3ed0 static Yes - Fa3/27
The first command did not show any entry for that particular MAC address. But the second one using the pipe symbol did. I then assumed maybe the first command I used won't show static MAC table entries. But why is this entry being marked as static? We haven't put any static port-MAC mapping in the switch config. We have configured the port Fa3/27 with dot1x authentication, but I see other ports in the same switch with the same configuration that have marked the MAC address of the connected system as dynamically learned, as shown below.
smelb241#sh mac add add 0020.8201.3a72
Legend: * - primary entry
age - seconds since last seen
n/a - not available
vlan mac address type learn age ports
------+----------------+--------+-----+----------+--------------------------
Active Supervisor:
* 100 0020.8201.3a72 dynamic Yes 60 Fa2/47
interface FastEthernet3/27
switchport
switchport access vlan 100
switchport mode access
switchport nonegotiate
switchport voice vlan 140
ip access-group PRE-AUTH-ACL in
load-interval 30
authentication event fail action next-method
authentication event server dead action reinitialize vlan 100
authentication event server dead action authorize voice
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
wrr-queue bandwidth 30 70
wrr-queue queue-limit 30 70
wrr-queue threshold 1 40 100
wrr-queue cos-map 1 1 1
wrr-queue cos-map 1 2 0
wrr-queue cos-map 2 1 2 3 4 6 7
wrr-queue cos-map 2 2 5
no snmp trap link-status
dot1x pae authenticator
dot1x timeout server-timeout 30
dot1x timeout tx-period 3
dot1x max-req 3
spanning-tree portfast edge
spanning-tree guard root
service-policy input User-Access-QoS-Policy
ip dhcp snooping limit rate 15
end
interface FastEthernet2/47
switchport
switchport access vlan 100
switchport mode access
switchport nonegotiate
switchport voice vlan 140
ip access-group PRE-AUTH-ACL in
load-interval 30
authentication event fail action next-method
authentication event server dead action reinitialize vlan 100
authentication event server dead action authorize voice
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation restrict
mab
wrr-queue bandwidth 30 70
wrr-queue queue-limit 30 70
wrr-queue threshold 1 40 100
wrr-queue cos-map 1 1 1
wrr-queue cos-map 1 2 0
wrr-queue cos-map 2 1 2 3 4 6 7
wrr-queue cos-map 2 2 5
no snmp trap link-status
dot1x pae authenticator
dot1x timeout server-timeout 30
dot1x timeout tx-period 3
dot1x max-req 3
spanning-tree portfast edge
spanning-tree guard root
service-policy input User-Access-QoS-Policy
ip dhcp snooping limit rate 15
end
Does anybody know why the MAC address learnt on port Fa3/27 is being listed as static and doesn't show up in the sh mac add add ecf4.bb48.3ed0 command output, while the MAC address learnt on Fa2/47 is being listed as dynamic?
04-06-2017 10:37 AM
Hello!
Is it a strange behavior, have you ever had Port Security configured on that port? Have you tried "deleting" the static entry even though it was not configured by you?
Regards,
04-10-2017 11:11 PM
Hi, I tried clearing the entry but the result remains the same.
6509#clear mac address-table ?
dynamic dynamic entry type
6509#clear mac address-table dynamic int Fa3/27 vlan 140
MAC entries cleared.
6509#sh mac address-table | i 9caf.ca85.78bc
140 9caf.ca85.78bc static Yes - Fa3/27
6509#clear mac address-table dynamic address 9caf.ca85.78bc
MAC entries cleared.
6509#sh mac address-table | i 9caf.ca85.78bc
140 9caf.ca85.78bc static Yes - Fa3/27
04-11-2017 01:26 AM
What does "sh run | i 9caf.ca85.78bc" output?
04-27-2017 10:17 PM
Hi guys,
>> I cleared that mac table entry and also cleared the ARP for that host IP address but it came up again as static.
6509#clear mac address-table ?
dynamic dynamic entry type
6509#clear mac address-table dynamic int Fa3/27
MAC entries cleared.
6509#clear ip arp 172.28.107.101
6509#
6509#sh mac address-table | i 9caf.ca85.78bc
140 9caf.ca85.78bc static Yes - Fa3/27
6509#
6509#sh run | i 9caf.ca85.78bc
6509#
>> Also I am wondering why there is a difference in the below 2 command outputs:
6509#sh mac address-table add 9caf.ca85.78bc
Legend: * - primary entry
age - seconds since last seen
n/a - not available
vlan mac address type learn age ports
------+----------------+--------+-----+----------+--------------------------
No entries present.
6509#sh mac address-table | i 9caf.ca85.78bc
140 9caf.ca85.78bc static Yes - Fa3/27
6509#
6509#
>> I am totally confused by this behaviour of the switch, which is contradicting what I learned as switching basics in CCNA.
04-11-2017 06:51 AM
No, I mean to use this command:
(config)#no mac-address-table static xxxx.xxxx.xxxx and after this one: clear arp {ip_addr}
---Do not forget to rate useful post---
Regards,
04-11-2017 08:48 AM
I'd been reviewing the MAC address table in one of my access switches when I saw this:
SW-RCNQSTA-S11#show cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
*RECO*_AP_Piso_1_Der
Fas 0/37 166 T AIR-LAP11 Fas 0
*RECO*_AP_Piso_1_Izq
Fas 0/48 121 T AIR-LAP11 Fas 0
SW-CoreL2.tparg.com
Gig 0/1 168 R S I WS-C4507R Gig 2/14
SW-RCNQSTA-S11#show mac address-table int Fa0/37
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
801 001d.e554.bd68 STATIC Fa0/37
Total Mac Addresses for this criterion: 1
SW-RCNQSTA-S11#show mac address-table int Fa0/48
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
801 68ef.bdcb.283e DYNAMIC Fa0/48
Total Mac Addresses for this criterion: 1
Both MAC addresses are from Access Points that are directly connected to my switch, but it learned one in STATIC and the other in DYNAMIC form. I think that a switch only marks an address as "DYNAMIC" if an ARP process happens (due to an unknown unicast), but if your device sends a packet first the switch learns this MAC address as "directly connected" and marks it as "static".
---Do not forget to rate useful post---
Regards,
04-06-2017 10:40 AM
Check if other ports are behaving the same way with 'show mac address-table static', excluding CPU ports. If it's only one certain port, then try to bounce it and clear ARP/MAC address only for that certain port. Otherwise, if it's multiple ports along with syslog error messages, then you might need to clear the entire MAC table (during a maintenance window). A reload of the switch or a code upgrade might be required if your code is behind the recommended version. I hope this helps and good luck!
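The cross-check done by hand in this thread (static entries in the MAC table versus `sh run | i <mac>`), as an added example that is not code from any poster or from Cisco: it parses both `show mac address-table` layouts quoted above and lists static entries whose MAC appears nowhere in the running config. The sample table and config are constructed from the outputs in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample input modelled on the outputs quoted in this thread.
SAMPLE_TABLE = """\
  vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
*  100  0020.8201.3a72   dynamic  Yes         60   Fa2/47
   100  ecf4.bb48.3ed0    static  Yes          -   Fa3/27
   140  9caf.ca85.78bc    static  Yes          -   Fa3/27
 801    001d.e554.bd68    STATIC      Fa0/37
 801    68ef.bdcb.283e    DYNAMIC     Fa0/48
"""
SAMPLE_CONFIG = """\
interface FastEthernet3/27
 switchport access vlan 100
 authentication port-control auto
 mab
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
# Optional '*' primary marker, VLAN, MAC, type, then the learn/age
# columns (present only in the 6500 layout), and the port column last.
ROW = re.compile(
    rf"^\s*\*?\s*(\d+)\s+({MAC})\s+(static|dynamic)\s+(?:\S+\s+\S+\s+)?(\S+)\s*$",
    re.I,
)

def parse_mac_table(text):
    """Return one dict per data row; legend, header and ruler lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            rows.append({"vlan": int(vlan), "mac": mac.lower(),
                         "type": kind.lower(), "port": port})
    return rows

def unconfigured_static(table_text, running_config):
    """Static entries whose MAC does not appear anywhere in the running config."""
    configured = set(re.findall(MAC, running_config.lower()))
    return [r for r in parse_mac_table(table_text)
            if r["type"] == "static" and r["mac"] not in configured]

if __name__ == "__main__":
    for r in unconfigured_static(SAMPLE_TABLE, SAMPLE_CONFIG):
        print(f'{r["port"]:8} vlan {r["vlan"]:<4} {r["mac"]} static, no config line')
```
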