Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1937
Views
0
Helpful
1
Replies

Relearning MAC address on a switch (NAC issue)

ncharaipotra
Level 1
Level 1

‎04-09-2010 07:34 AM - edited ‎03-06-2019 10:32 AM

I was wondering if a shut, no shut, will actually clear that particular mac address and force the switch to relearn??  I am deploying Cisco NAC and ran into an issues where the shut no shut did not actually force the mac out of the mac address table.  Any thoughts?  Maybe next time i should just clear the mac table for the whole switch.

Labels:
0 Helpful
1 Reply 1

rwagner
Level 1
Level 1

‎04-15-2010 11:48 AM

Have you configured "MAC Changed Notification"?, or if you are using 4.1(3)+ "MAC Move notification?

Here is a link for 4.1(3):

http://www.cisco.com/en/US/docs/security/nac/appliance/release_notes/413/413rn.html#wp299440

MAC change notification—when the switch learns a new MAC address on a managed port

MAC move notification—when a device/host moves from one managed port to another

Here is how it works:

(disclaimer: I am also working on NAC implementation and have not actually done this step before but this is how  I understand it works)

MAC Change:

You plug in Device 1 into Switch A on gi2/2.  MAC change notification identifies the MAC fro Device 1 and sends it to the NAC.  Then the NAC configures the switch to be on the correct vlan and such.  This process also clears the switch's MAC address entry for gi2/2 and updates the MAC address.

You can then unplug Device 1 and plug in Device 2.  Mac change notification goes to work again and repeats the process which then configures the mac-address and vlan and all the other stuff from NAC to the switch.

MAC Move:

So let's say you have Device 1 unplugged, but you never plugged in Device 2.  The mac-address is going to be listed on gi2/2 still and if NAC tried to apply the same mac to another switch port then port-security will prohibit the dual mac entry.  MAC move clears this up by deleting the mac entry on 2/2, and i think it sets a port based mac like 0022.000.000, and now with the mac cleared from gi2/2 it can now be applied in the same way as MAC change works.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card