Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2348
Views
0
Helpful
10
Replies

The mac address status is abnormal and cannot be clear on Cat9000 switch !

Rps-Cheers
VIP
VIP

‎09-01-2019 01:23 AM

Hi all: We have met a problem on Cat9300 switch recently. The Catalyst 9300 as a access switch,and connect PC or IP Phone+PC.I find a symptom that is so strange,the mac address status from PC is shown 'static' by 'sho mac address-table ' command , and i didn't configure static mac address binding. A mac address will appear on another port and show 'static ' status after i disconnect the PC few hours.So it will make it PC cannot access the switch port next time.I must clear authen session on abnomal ports if i want to access. This issue happen on multiple ports. sw software version is 16.9.2. Here is the abnormal status: 'bbbb.xxxx.xxxx ' and 'bbbb.xxxx.xxxx ' are other PC's MAC address. 'aaaa.xxxx.xxxx ' is the PC which connect G1/0/1,and there is not other device on G1/0/1,only the PC 'aaaa.xxxx.xxxx '. interface GigabitEthernet1/0/1 switchport mode access switchport voice vlan 10 device-tracking attach-policy DT_Policy authentication event fail action authorize vlan 20 authentication host-mode multi-auth authentication open authentication order dot1x mab authentication port-control auto mab dot1x pae authenticator spanning-tree portfast Have you encountered such a problem? Is there a solution?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !
Labels:
0 Helpful
10 Replies 10

Rps-Cheers
VIP
VIP

‎09-01-2019 01:25 AM

Here is the abnormal status: 'bbbb.xxxx.xxxx ' and 'bbbb.xxxx.xxxx ' are other PC's MAC address. 'aaaa.xxxx.xxxx ' is the PC which connect G1/0/1,and there is not other device on G1/0/1,only the PC 'aaaa.xxxx.xxxx '.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !
Preview file
72 KB
0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎09-01-2019 04:16 AM

Upgrade to 16.9.4 and try again.
0 Helpful

Rps-Cheers
VIP
VIP
In response to Leo Laohoo

‎09-01-2019 05:25 AM

Hi Leo, Thanks for your response. Please tell us what you think. Have you encountered this problem before? Why upgrade to 16.9.4? Thx & BR
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !
0 Helpful

Rps-Cheers
VIP
VIP
In response to Leo Laohoo

‎09-01-2019 05:27 AM

I also see release 16.9.3 is the suggested release on cisco software download page.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !
0 Helpful

anpon
Cisco Employee
Cisco Employee
In response to Rps-Cheers

‎09-01-2019 11:50 AM

Kindly provide show run of the issue port. Also, I feel if you have authentication mac address will be shown as static. But need to check your configuration before concluding anything.

0 Helpful

Rps-Cheers
VIP
VIP
In response to anpon

‎09-01-2019 12:08 PM

There is the configuration of the issue port: interface GigabitEthernet1/0/1 switchport mode access switchport voice vlan 10 device-tracking attach-policy DT_Policy authentication event fail action authorize vlan 20 authentication host-mode multi-auth authentication open authentication order dot1x mab authentication port-control auto mab dot1x pae authenticator spanning-tree portfast i don't know why some mac address will appear on another port,even though this pc don't connect the port.For example , PC-A connect to g1/0/10,PC-B connect to g1/0/20, PC-A's mac will appear on g1/0/20 after PC-A disconnect the port few hours. Is this a bug about this symptom ?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !
0 Helpful

Rps-Cheers
VIP
VIP
In response to anpon

‎09-01-2019 12:10 PM

Sorry, this format is always confusing.
Replenish the configuration under the interface:
interface GigabitEthernet1/0/1
switchport mode access
switchport voice vlan 10
device-tracking attach-policy DT_Policy
authentication event fail action authorize vlan 20
authentication host-mode multi-auth
authentication open
authentication order dot1x mab
authentication port-control auto
mab
dot1x pae authenticator
spanning-tree portfast
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !
0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to Rps-Cheers

‎09-02-2019 12:11 AM

I don't recommend software based on a "star". I recommend software versions based on the number of bugs fixed.
Read the Release Notes of 16.9.4.
0 Helpful

SeMl
Level 1
Level 1
In response to Leo Laohoo

‎11-12-2019 06:02 AM

We also observe this behavior, Cisco C9300-48U running Cisco IOS Software [Fuji], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 16.9.4, RELEASE SOFTWARE (fc2) MAC adresses behind Phones and mab-ports (radius) are registered as static and do not vanish, even with "authentication periodic". Any suggestions?
0 Helpful

Rps-Cheers
VIP
VIP
In response to SeMl

‎11-12-2019 06:23 AM

Maybe,you can try "authentication mac-move permit" command.
use the authentication mac-move permit global configuration command to enable MAC move on a switch.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card