I am testing 802.1x authentication MAC address bypass feature to allow dynamic vlan allocation based on the MAC address We are converting cat OS based 65ks to IOS based . The plan is to replace VMPS with 802.1x MAC bypass feature . Everything works great if the PCs are directly connected to the switch port. If the PC is connected to the back of the IP Phone, it will be put on the right vlan the very first time. When that PC is moved to some other port (to the back of some other IP phone) on the same switch , the swith throws an error message saying its a security voilation because the a secure MAC address is alreay present in MAC table for another port for the same vlan. This is because when the PC was diconnected the switch port stayed up apparently causing the switch not to clear the mac-address enrty. If the PC is directly connected to the switch , the port will go down and the MAC entry would be deleted.
This allows the same device to be plugged to other ports , and put in the same vlan on the same switch. Any ideas how to work around this problem??