Wired 802.1x - Monitor Mode - MAC-Addresses showing up Static?

jc84_ · ‎02-12-2019

We are in the middle of running a pilot for wired 802.1x. We are using Cisco ISE 2.3 and Cisco Catalyst 3850 switches. During some recent troubleshooting I noticed that on 802.1x enabled ports that mac-addresses are showing up as type 'STATIC' instead of 'DYNAMIC'?

Is this correct?

Why is this?

Appreciate any direction.

Configuration and show commands listed below:

authentication mac-move permit

!

dot1x system-auth-control

!

interface GigabitEthernet2/0/42
switchport access vlan 102
switchport mode access
switchport nonegotiate
switchport voice vlan 124
authentication host-mode multi-auth
authentication open
authentication port-control auto
mab
dot1x pae authenticator
dot1x timeout tx-period 7
dot1x max-reauth-req 3
spanning-tree portfast
end

Vlan Mac Address Type Ports
---- ----------- -------- -----
102 0015.5daf.5b02 STATIC Gi2/0/42
102 0015.5daf.5b04 STATIC Gi2/0/42
102 1461.2fff.f89d STATIC Gi2/0/42
102 8c16.453f.75a4 STATIC Gi2/0/42
102 d8cb.8a2c.bccc STATIC Gi2/0/42
124 1461.2fff.f89d DYNAMIC Gi2/0/42

mariya.telitsina · ‎10-12-2022

Hi,

As far as I know, if a mac address is authorized via dot1x or port-security , it becomes static (and secure). and never ages out.

Please correct me if I got it wrong.