Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1329
Views
5
Helpful
1
Replies

Wired 802.1x - Monitor Mode - MAC-Addresses showing up Static?

jc84_
Level 1
Level 1

‎02-12-2019 06:16 AM - edited ‎03-08-2019 05:19 PM

We are in the middle of running a pilot for wired 802.1x.  We are using Cisco ISE 2.3 and Cisco Catalyst 3850 switches.  During some recent troubleshooting I noticed that on 802.1x enabled ports that mac-addresses are showing up as type 'STATIC' instead of 'DYNAMIC'?

 

 

Is this correct?

Why is this?

Appreciate any direction.

 

Configuration and show commands listed below:

 

authentication mac-move permit

!

dot1x system-auth-control

!

interface GigabitEthernet2/0/42
switchport access vlan 102
switchport mode access
switchport nonegotiate
switchport voice vlan 124
authentication host-mode multi-auth
authentication open
authentication port-control auto
mab
dot1x pae authenticator
dot1x timeout tx-period 7
dot1x max-reauth-req 3
spanning-tree portfast
end

 

Vlan Mac Address Type Ports
---- ----------- -------- -----
102 0015.5daf.5b02 STATIC Gi2/0/42
102 0015.5daf.5b04 STATIC Gi2/0/42
102 1461.2fff.f89d STATIC Gi2/0/42
102 8c16.453f.75a4 STATIC Gi2/0/42
102 d8cb.8a2c.bccc STATIC Gi2/0/42
124 1461.2fff.f89d DYNAMIC Gi2/0/42

2 people had this problem
Labels:
1 Reply 1

mariya.telitsina
Level 1
Level 1

‎10-12-2022 11:44 PM

Hi,

As far as I know, if a mac address is authorized via dot1x or port-security , it becomes static (and secure). and never ages out.

Please correct me if I got it wrong.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card