Re: The specification from MAB authenticated port to another switch with MAC-move permit.

mhiyoshi · ‎09-03-2018

Dear all,

I have already confirmed the specification for MAB mac-move command

from authenticated port to another port within one Catalyst switch, however

if the authenticated port to another Catalyst switch port which configures globally

"autentication mac-move pemit" what is happen?

In my understanding normally the switch has mac age out timer which is 300 sec by default, however when I have tested between Cat3K, the session delete timing which has already moved to another switch is not so long, I thinks it does not take 300 sec rather than about 60 sec more or less.

So all I have to do is just to let me know such mechanizm or related documentations.

Best Regards,

Masanobu Hiyoshi

mhiyoshi · ‎09-03-2018

Hi this is self update.

Can all you agree with the result? or I appreciate any special comment!

■TEST-2-no mac-move but inactivity setting configures
Result : The session delete after 30 sec.

Cat3650(config)#int gi1/0/1
Cat3650(config-if)#authentication timer ?
inactivity Interval in seconds after which if there is no activity from
the client then it will be unauthorized (default OFF)

Cat3650#sh authentication sessions

Interface MAC Address Method Domain Status Fg Session ID
Gi1/0/1 0000.0000.3333 mab DATA Auth AC1B6DCB00000FD319125FA2

interface GigabitEthernet1/0/1
authentication timer inactivity 30

====> after 30 sec

Cat3650#sh authentication sessions
No sessions currently exist

Regards,

Masanobu Hiyoshi