Relearning of MAC addresses during STP convergence between ports in a switch

I found a problem in STP convergence between two redundant links. when a active link is brought down, traffic is converging into blocked link(port), but relearning of MAC addresses is not happening, which i mean ARP request is not initiated by the switch. Anyone can help in this issue ?

Hey,
Configure uplinkfast. FYI:
http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10575-51.html
HTH.
Regards,
RS

Similar Messages

  • Multipe mac addresses entries for the same port (FE)-Switch 3560

    Dear All,
    I have a problem with a host whitch is connected to 11 port of my cisco 3560. from time to time the, the connection is lost with the host and after some troubleshooting i see two entries of mac-address table for the port 11.
    I'm asking if someone has an idee how to explain this issue and how to see if this port is participing to SPT or...
    I see also somme error of collision :
    ===================================
    5 minute input rate 1000 bits/sec, 2 packets/sec
      5 minute output rate 7000 bits/sec, 1 packets/sec
         64677029 packets input, 17167881111 bytes, 0 no buffer
         Received 39036768 broadcasts (0 multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog, 39036088 multicast, 0 pause input
         0 input packets with dribble condition detected
         54722071 packets output, 8588329003 bytes, 0 underruns
         0 output errors, 992 collisions, 1 interface resets
         0 babbles, 2316 late collision, 0 deferred
         0 lost carrier, 0 no carrier, 0 PAUSE output
         0 output buffer failures, 0 output buffers swapped out
    ======================================
    i have two routers in the same switch: my wan router + un other router used to conneced some separated hosts to internet.
    If i use statif addressing for the second subnet (2 hosts + internet router), is there any risk for collision or broadcast domains or errors ?
    is the second router distrub my LAN or WAN ?
    Manay thanks for your help and support.
    Best regards,

    Hello,
    For the first part of the question, I guess somebody might be connecting a hub to that port. If the hub is not negotiating the speed/duplex with the 3560 switch, then that port will go to half-duplex mode and you will see collisions on the port. That might also explain why you are seeing multiple MAC addresses on that port. Please check the port to see if the hub is connected and remove it. You can use features like port-security to ensure only one MAC address is registered on that port and people are not connecting hubs/dumb switches on that port.
    For the second issue, you can certainly use static IP addresses as long as they are not overlapping with other subnets in your network. If they are overlapping, you do need to configure NAT on the router so that they are not affecting rest of the network.
    Hope this helps.
    Regards,
    NT

  • SCCM2012 SP1: rename computer to MAC address during OSD

    Dears, i'm trying to rename the computers during the OSD process to it's MAC addresses. i want to do it by SCCM only without MDT integration because we have SCCM SP1 and MDT 2012 and we're tending to deploy Windows 8.1. and we're alredy deploying Windows 8.1
    with no issues. i'm using the following script: 
    Set env = CreateObject("Microsoft.SMS.TSEnvironment")
    Set ProgressUI = CreateObject("Microsoft.SMS.TsProgressUI")
    Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2") 
    Set IPConfigSet = objWMIService.ExecQuery("SELECT MACAddress FROM Win32_NetworkAdapterConfiguration " & "WHERE IPEnabled=true" )
    ProgressUI.CloseProgressDialog  
    For Each IPConfig In IPConfigSet
      env("OSDComputerName") = Left(Replace(IPConfig.MACAddress,":",""),12)
      WScript.Echo env("OSDComputername")
    Next
    and i'm using it in a  package after apply operating system step as shown in the following snapshot:
    however the machine get named Minintxxxx and the step gives code 0 as a return code which means successfully completed.
    any help please?

    Dears, so sorry for the late reply. here's a part from the SMSTS.log for the setting computer name step with script in the upper post
    TSManager 11/6/2014 9:10:05 AM
    1244 (0x04DC)
    Expand a string: WinPEandFullOS TSManager
    11/6/2014 9:10:05 AM 1244 (0x04DC)
    Executing command line: smsswd.exe /run:PR1000DA cmd.exe /c cscript.exe ADEC_ComputerName.vbs
    TSManager 11/6/2014 9:10:05 AM
    1244 (0x04DC)
    [ smsswd.exe ] InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
    PackageID = 'PR1000DA' InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
    BaseVar = '', ContinueOnError='' InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
    ProgramName = 'cmd.exe /c cscript.exe ADEC_ComputerName.vbs'
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    SwdAction = '0001' InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
    ResolveSource flags: 0x00000000 InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
    SMSTSPersistContent: . The content for package PR1000DA will be persisted
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    DownloadOnDemand flag is true. Attempting to download content locally for Package PR1000DA..
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    Package Flags: 0x1000000 InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
    GetDirectoryListing() entered InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
    Initializing HTTP transport. InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
       Setting URL = http://APDC01CFG05.adec.ae/SMS_DP_SMSPKG$/PR1000DA.
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
       Address=http://APDC01CFG05.adec.ae, Scheme=http, Object=/SMS_DP_SMSPKG$/PR1000DA, Port=80.
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
       Setting Authenticator. InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
    Set authenticator in transport InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
    WinHttp credentials set InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
    CLibSMSMessageWinHttpTransport::Send: URL: APDC01CFG05.adec.ae:80  PROPFIND /SMS_DP_SMSPKG$/PR1000DA
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    Request was succesful. InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
    DAV response string is: 
     <?xml version="1.0" encoding="utf-8" ?><D:multistatus xmlns:D="DAV:"><D:response><D:href>http://APDC01CFG05.adec.ae/SMS_DP_SMSPKG$/sccm?/PR1000DA/</D:href><D:propstat><D:status>HTTP/1.1
    200 OK</D:status><D:prop><D:getcontenttype/><D:supportedlock/><D:getetag/><D:creationdate/><D:iscollection>1</D:iscollection><D:resourcetype><D:collection/></D:resourcetype><D:ishidden>0</D:ishidden><D:displayname>http://APDC01CFG05.adec.ae/SMS_DP_SMSPKG$/sccm?/PR1000DA/</D:displayname><D:getlastmodified></D:getlastmodified><D:getcontentlanguage/><D:getcontentlength>0</D:getcontentlength></D:prop></D:propstat></D:response><D:response><D:href>http://APDC01CFG05.adec.ae/SMS_DP_SMSPKG$/PR1000DA/sccm?/ADEC_ComputerName.vbs</D:href><D:propstat><D:status>HTTP/1.1
    200 OK</D:status><D:prop><D:getcontenttype/><D:lockdiscovery/><D:supportedlock/><D:getetag/><D:getcontentlanguage/><D:iscollection>0</D:iscollection><D:creationdate/><D:resourcetype/><D:ishidden>0</D:ishidden><D:displayname>http://APDC01CFG05.adec.ae/SMS_DP_SMSPKG$/PR1000DA/sccm?/ADEC_ComputerName.vbs</D:displayname><D:getlastmodified>Wed,
    05 Nov 2014 12:10:59 GMT</D:getlastmodified><D:getcontentlength>527</D:getcontentlength></D:prop></D:propstat></D:response><D:response><D:href>http://APDC01CFG05.adec.ae/SMS_DP_SMSPKG$/PR1000DA/sccm?/Dump_Var.vbs</D:href><D:propstat><D:status>HTTP/1.1
    200 OK</D:status><D:prop><D:getcontenttype/><D:lockdiscovery/><D:supportedlock/><D:getetag/><D:getcontentlanguage/><D:iscollection>0</D:iscollection><D:creationdate/><D:resourcetype/><D:ishidden>0</D:ishidden><D:displayname>http://APDC01CFG05.adec.ae/SMS_DP_SMSPKG$/PR1000DA/sccm?/Dump_Var.vbs</D:displayname><D:getlastmodified>Sun,
    02 Nov 2014 10:13:02 GMT</D:getlastmodified><D:getcontentlength>125</D:getcontentlength></D:prop></D:propstat></D:response></D:multistatus>
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    List of files to be downloaded InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
      File: http://APDC01CFG05.adec.ae:80/SMS_DP_SMSPKG$/PR1000DA/sccm?/ADEC_ComputerName.vbs
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
      File: http://APDC01CFG05.adec.ae:80/SMS_DP_SMSPKG$/PR1000DA/sccm?/Dump_Var.vbs
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    GetDirectoryListing() successfully completed
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    Succeeded loading resource DLL 'X:\sms\bin\x64\1033\TSRES.DLL'
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    Downloaded file from http://APDC01CFG05.adec.ae:80/SMS_DP_SMSPKG$/PR1000DA/sccm?/ADEC_ComputerName.vbs to D:\_SMSTaskSequence\Packages\PR1000DA\ADEC_ComputerName.vbs
    InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
    Downloaded file from http://APDC01CFG05.adec.ae:80/SMS_DP_SMSPKG$/PR1000DA/sccm?/Dump_Var.vbs to D:\_SMSTaskSequence\Packages\PR1000DA\Dump_Var.vbs
    InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
    Download done setting progress bar to 100 InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
    VerifyContentHash: Hash algorithm is 32780 InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
    Failed to open Software\Microsoft\Sms\Mobile Client\Software Distribution registry key. The client should not get checked for RWH OpLock Type
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    Failed to open Software\Microsoft\Sms\Mobile Client\Software Distribution registry key. The client should not get checked for RWH OpLock Type
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    Content successfully downloaded at D:\_SMSTaskSequence\Packages\PR1000DA
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    Resolved source to 'D:\_SMSTaskSequence\Packages\PR1000DA'
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    Command line for extension .exe is "%1" %*
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    Set command line: Run command line InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
    Working dir 'D:\_SMSTaskSequence\Packages\PR1000DA'
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    Executing command line: Run command line InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
    Process completed with exit code 1 InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
    Microsoft (R) Windows Script Host Version 5.8
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    Copyright (C) Microsoft Corporation. All rights reserved.
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    Input Error: There is no script engine for file extension ".vbs".
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    Command line returned 1 InstallSoftware
    11/6/2014 9:10:05 AM 1740 (0x06CC)
    Entering ReleaseSource() for D:\_SMSTaskSequence\Packages\PR1000DA
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    reference count 1 for the source D:\_SMSTaskSequence\Packages\PR1000DA before releasing
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    Released the resolved source D:\_SMSTaskSequence\Packages\PR1000DA
    InstallSoftware 11/6/2014 9:10:05 AM
    1740 (0x06CC)
    Process completed with exit code 1 TSManager
    11/6/2014 9:10:05 AM 1244 (0x04DC)
    TSManager 11/6/2014 9:10:05 AM
    1244 (0x04DC)
    Failed to run the action: Get OSDComputerName. 
    Incorrect function. (Error: 00000001; Source: Windows)
    TSManager 11/6/2014 9:10:05 AM
    1244 (0x04DC)
    i'm so confused about the "Input Error: There is no script engine for file extension ".vbs"." 
    any help please!!

  • Host [MAC] vlan [x] is flapping between port [x/x/x] and port [x/x/x]

    Hi all, I have two switches connected in cross-3750X stack into a single SW 6500., But I get the following error appears.
    18w2d: %SW_MATM-4-MACFLAP_NOTIF: Host 0012.950a.9952 in vlan 10 is flapping between port Gi5/0/46 and port Gi6/0/44
    What can i do?
    Thank you very much¡¡.

    The configuration on the port channel is that all the port must be with the equal configuration :
    For example :
    interface Port-channel1
     description IDC-TO6500 - 192.168.0.12
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,54,136,192,432
     switchport mode trunk
     speed 100
     duplex full
    interface GigabitEthernet1/0/1
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,54,136,192,432
     switchport mode trunk
     speed 100
     duplex full
     channel-protocol lacp
     channel-group 1 mode active
    interface GigabitEthernet1/0/2
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,54,136,192,432
     switchport mode trunk
     speed 100
     duplex full
     channel-protocol lacp
     channel-group 1 mode active
    The same configuration is on the 3750 :
    interface Port-channel1
     description IDC-TO3750 - 192.168.0.12
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,54,136,192,432
     switchport mode trunk
     speed 100
     duplex full
    interface GigabitEthernet1/0/1
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,54,136,192,432
     switchport mode trunk
     speed 100
     duplex full
     channel-protocol lacp
     channel-group 1 mode active
    interface GigabitEthernet1/0/2
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,54,136,192,432
     switchport mode trunk
     speed 100
     duplex full
     channel-protocol lacp
     channel-group 1 mode active

  • Mac Address Table

    Hello, 
    In one of our core switches, the output of the mac-address-table shows some mac addresses which come up as MPLS Multicast address when I looked them up under MAC Manufacturer(See below). Also, in the mac-address-table under the port column,  those mac addresses display several ports associated with them and the word Router(see attachement). My question is, why are these MAC addresses come up as MPLS Multicast and why under the ports is it has the word Router? 
    Thanks in advance...
    Prefix
    Vendor
    01005E
    Internet Multicast (01:00:5E:00:00:00 to 01:00:5E:7F:FF:FF)
    01005E
    MPLS Multicast (01:00:5E:80:00:00 to 01:00:5E:8F:FF:FF)
    01005E
    Internet reserved by IANA (01:00:5E:90:00:00 to 01:00:5E:FF:FF:FF)
    01005E
    Internet reserved by IANA (01:00:5E:90:00:00 to 01:00:5E:FF:FF:FF)
    01005E
    MPLS Multicast (01:00:5E:80:00:00 to 01:00:5E:8F:FF:FF)
    01005E
    Internet Multicast (01:00:5E:00:00:00 to 01:00:5E:7F:FF:FF)

    Hi,
    Yes multiple MAC addresses are supported on each port. The switch learns the MAC by noting the source address of the packet received on each port and on that basis it builds what we call MAC address table. There is an aging mechanism in place which removes the inactive MAC addresses and allows new ones to be learned as devices are connected and disconnected.
    The default aging time is 300 seconds, however if need arises you can change the same by giving the command - 'mac address-table aging time number vlan vlan-id'.
    Have a look at the following link-->
    http://www.cisco.com/en/US/products/hw/switches/ps5213/products_configuration_guide_chapter09186a00801cdf85.html#wp1063713
    Hope this helps!
    Regards,
    AbhisheK
    Please rate all helpful posts!!!

  • WRT610N: Cannot enter MAC address in MAC address filter list

    My WRT610N cannot accept a very specific MAC address in any position of the MAC address filter list.  It is a valid address and it was working fine in the filter list of my WRT54G but the 610N will just not take that specific address!  What is this all about?
    Solved!
    Go to Solution.

    gv wrote:
    There is nothing like a "non-critial setup". It's enough to drive by with a car and within a few minutes your network is hacked. Or it's the bored teenager next door...
    I recommend to replace the WEP only device instead of taking the risk of a hacked network.
    And just forget about the wireless mac address filter. Anyone, who wants to crack your WEP network will collect enough accepted MAC addresses during the cracking process. It's just not worth the trouble to set up the filter and keep the list current...
    Thanks for the diligent follow-up gv but I can't replace the WEP-only device for now.  (I need to go through a conversion process for that device to accept WAP and that will take a fair amount of time)  I understand your point about getting accepted MAC addresses but, at least, it requires a bit more effort... Maybe I will return the WRT610 and stick with my old WRT54 until the 610 gets fixed...

  • LRT214 Access Policy using MAC address

    I recent upgraded to the LRT214 from a Cisco RVS4000 On the RVS4000 I used the Access policy to block internet access to certain devices identified by their MAC address during certain times of the day.  This was very helpful for enfocing the time rules for my daughters Xbox to play games using the internet.  That functionality seems to be gone in the LRT214.  I see I can bind a MAC address to a IP and then retrict that IP but that seems cumbersome-- wondering if there is a way to restrict access using ONLY the MAC address?  thanks in advance.

    This is interesting!
    I believe the Linksys device (LRT214) by design does not have the same feature as the Cisco's but basing from what I saw in the LRT's userguide, what you are trying to do can be achieved.
    The LRT has the a Firewall Access Rule feature that allows blocking by creating a "deny" rule via IP where you can specify the time of duration. I think since you are going to bind the ip to a specific mac, it could help.
    I have not tried it myself since I do not have the device at hand. I hope it will be work.

  • Detemining MAC addresses on WS-C2950G switches

    On my old WS-C3500XL switches (running IOS ver 12.0(5)WC5(fc1), I could input the following IOS command and figure out the MAC address of hosts that are connected to any switch port interface (int fa0/1 in the example below):
    3500xl# show mac int fa0/1
    Non-static Address Table:
    Destination Address Address Type VLAN Destination Port
    0800.20a4.eefe Dynamic 6 FastEthernet0/1
    I work in the aerospace industry and this was very useful for me to verify hosts were connected to the correct switch port (especially in remote locations). It also allowed me to verify more easily find out if someone who shouldn't be connected to the net is (i.e. a user that might disconnect a Sun host to put his PC on the net).
    On my newer WS-C2950G Catalyst 2950 switches running IOS ver 12.1(22)EA1b(fc1), it no longer supports this same IOS command. Is there another command I can use to get this info?
    Thanks,
    Scott

    Hi Scott,
    You can achieve the same with the following command
    sh mac-address-table interface
    eg
    2950#sh mac-address-table interface fa 0/1
    Non-static Address Table:
    Destination Address Address Type VLAN Destination Port
    0015.2bd7.1821 Dynamic 25 FastEthernet0/1
    HTH
    Narayan

  • Duplicate MAC Addresses effect

    Hi All,
    I have a query regarding the entry of duplicate MAC entries in switch. I tried issuing the following command:-
    Switch(config)#mac address-table static 0007.e9f6.4fd2 vlan 1 interface fa0/2
    Switch(config)#mac address-table static 0007.e9f6.4fd2 vlan 1 interface fa0/3
    And after issuing the command, the resultant MAC table was as follows:-
    1 0007.e9f6.4fd1 STATIC Fa0/2 Fa0/3
    What does this signify. Where would a packet destined to this MAC address reach (I mean the port that it will reach)
    Does it mean that there could be Network Load Balancing?
    Thanks,
    Sridhar.

    HI
    It will reach to the port where the end system is connected.u just deifined the mac-address as static on two ports u will not connect the end system to two ports so on the port which u r end system will connected will be up/up and on the port which the end system is not connected it will be in down state.hope i am correct in this if not plz correct me.
    Thanks
    Mahmood

  • Mac-Address Different format for Authorization on Cisco ISE

    Dear All,
    I have problem with my Cisco ISE,
    This is the design :
    ISE ---- Core Switch ---- 3Com Switch --- PC User
    My Case:
    Authorization is based on Mac-address and Active Directory,
    But user with PC that connect to 3Com swtich is Deny by ISE because the Format Mac-address is different with Cisco,
    Mac-address Cisco format :  XX:XX:XX:XX:XX:XX
    Mac-address 3Com format :  XXXX-XXXX-XXXX
    3Com Switch type is TRICOM 4210 26-PORT.
    Anyone have experience with this? and how change the mac-address format in 3Com so user can authorized by Cisco ISE.
    note:
    authorization based on Active Directory is not problem with 3Com Switch.
    Based on my experience, Different product is different format mac-address, so this case not only for 3Com Switch.
    Thanks,
    Arika Wahyono

    I do not think Cisco will add these vendors to the supported switch matrix because then it would be a support issue that cisco would have to deal with, much like most of the AD issues I experienced when I worked in TAC. Your best bet would be to run the evaluation license instance in a lab and have a 3com switch point against that.
    Other than that I do not recommend upgrading to 1.2 without validating that the new "multi-vendor" MAB support will work on your switch.
    PS- Keep in mind that my comments is just my opinion so you may need to open a TAC case for an official answer.
    Tarik Admani
    *Please rate helpful posts*

  • 802.1x sticky mac address

    Hi,
    We have a problem with 802.1x configuration via IP Phone.
    PC (win7 with certificate)-------IP Phone (7911, 9.2.1s firmware)-----switch (2960, lab base 12.2(58)SE2)
    Configuration on the port on the switch:
    interface FastEthernet0/3
    switchport access vlan 699
    switchport mode access
    switchport voice vlan 746
    switchport port-security maximum 2
    switchport port-security
    switchport port-security mac-address sticky
    switchport port-security mac-address sticky 0019.dbdd.42d4
    switchport port-security mac-address sticky 001f.ca35.43c4 vlan voice
    srr-queue bandwidth share 10 10 60 20
    priority-queue out
    authentication event fail retry 0 action authorize vlan 357
    authentication event server dead action authorize vlan 82
    authentication event no-response action authorize vlan 357
    authentication event server alive action reinitialize
    authentication port-control auto
    authentication timer restart 0
    mls qos trust device cisco-phone
    mls qos trust cos
    macro description cisco-phone
    dot1x pae authenticator
    dot1x timeout tx-period 5
    auto qos voip cisco-phone
    spanning-tree portfast
    spanning-tree bpdufilter enable
    spanning-tree bpduguard enable
    service-policy input AutoQoS-Police-CiscoPhone
    After shutting down the PC, port are moving in the d0t1x unauthorized state, but it is also removing sticky MAC address from the port configuration! Without sticky keyword, with adding static mac address via portsecurity on the port, everything is working fine, but I can not understand why dot1x port state are also removing sticky mac address ?
    Most interesting part is that this is not happening if PC is directly connected to the switch, not via IP Phone.
    Any idea?
    Thank You in advance

    Hi Ted,
    802.1X supports the port-based autehnticaion only but you can use it along with port-security to limit the MAC-addresses on the ports.
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12119ea1/3750scg/sw8021x.htm
    HTH,
    -amit singh

  • Mac Address Tracing - CatOS

    I have noticed a lot of bad traffic coming from one particular computer on the network. Normally not a big deal, I found the MAC Address in my DHCP Table, logged into a switch, did a 'sh mac-address-table address <mac address>', found what port it was connected to (it was another switch), I then did a 'sh cdp neighbor detail' got the ip address, telneted to that switch, rinsed and repeated... until I hit a switch that had CatOS.
    My question is how do I do this same type of thing on CatOS? I know how to get everything else except which port it is on like the 'sh mac-address-table address <mac address>' command gives me.

    just type show cam it will clearly tell where the mac-address is residing.
    eg. lets say that 6509--->2950---->(my pc)
    in 6509 type show cam
    it show some thing like this...
    Cat6509> (enable) sh cam 00:02:B3:87:EA:10
    * = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry.
    X = Port Security Entry $ = Dot1x Security Entry
    VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol Type]
    194 00-02-b3-87-ea-10 4/7 [ALL]
    on 4/7 2950 is connected, in that again you type the pc mac address.
    2950#sh mac-address-table address 00-02-b3-87-ea-10
    Mac Address Table
    Vlan Mac Address Type Ports
    194 0002.b387.ea10 DYNAMIC Fa0/2
    Total Mac Addresses for this criterion: 1
    which means the pc is connected on fasethernet 0/2 port.
    hope this helps,
    rate this post.

  • Stopping MAC addresses on 3560 switch interfaces

    Hi,
    I would like to stop certain MAC addresses connecting to the network via a 3560 switch and have configured the config below for VLAN 1. All interfaces belong to VLAN 1. Can anyone tell me if this is the correct config or have I missed something?
    mac access-list extended Bad_Hosts
    permit host 0011.434c.d9bf any 0x806 0x0
    permit host 0011.434a.8026 any 0x806 0x0
    permit host 000b.5d2a.23e3 any 0x806 0x0
    permit host 000b.5d0e.4019 any 0x806 0x0
    vlan access-map MAC 10
    action drop
    match mac address Bad_Hosts
    vlan access-map MAC 20
    action forward
    vlan filter MAC vlan-list 1
    Regards
    Mark
    Network Specialist

    It look like, all the host 'll be reject.
    Try:
    mac access-list extended Bad_Hosts
    deny host 0011.434c.d9bf any 0x806 0x0
    deny host 0011.434a.8026 any 0x806 0x0
    deny host 000b.5d2a.23e3 any 0x806 0x0
    deny host 000b.5d0e.4019 any 0x806 0x0
    permit any any
    vlan access-map MAC 10
    match mac address Bad_Hosts
    action forward
    vlan access-map MAC 20
    action drop
    vlan filter MAC vlan-list 1
    Please, hope this help and rate this post.

  • ACE 4710 MAC Address

    All physical interfaces on ACE 4710 share the same MAC address. Also, VIP addresses share the same MAC address. ACE 4710 is connected to a switch. How is the switch supposed to know which interface to send the packet to if it is doing layer2 switching.
    Thank you in advance for the explanation.

    You can't put 2 interfaces in the same vlan
    switch/Admin(config-if)# switchport access vlan 20
    vlan 20 is associated with GigabitEthernet 1/3.
    switch/Admin(config-if)#
    So, the L2 switch will have an entry for the mac-address in each vlan and this entry can point to different interfaces.
    Gilles.

  • How to find MAC address for WAN port for Airport Express 2nd Gen.

    The New Airport Express has a LAN and a WAN ethernet ports. How can I find the MAC address for the WAN ethernet port as my Service Provider needs it for provisioning....I can fid MAC address for Ethernet and for two wireless 2.4 & 5GHz but not for WAN ethernet port using Airport Utility 6.1

    Many thanks for the swift response. However, there is no WAN MAC address on the box or on the device anywhere. I even used magnifying glass to find one .
    The airport utility shows only three mac addresses. One for 2.4GHz, one for 5GHz and one fo the ethernet (LAN port) whereas there is another ethernet port in the device mentioned as WAN port and I am still not able to find the MAC address for the WAN ehternet port for Airport Express (2nd Generation).
    Will appreciate a response to make th device work wiht my service provider as providing them the WAN mac address is a must. Had there been an option for cloning mac address, the issue would have not been there.
    Many thanks again - in advance.

Maybe you are looking for