05-21-2012 02:06 AM - edited 03-10-2019 07:06 PM
Hi all,
We have rolled out 802.1X enterprise-wide. As RADIUS servers, we have deployed ACS 1121 (5.3.0.40). Currently we are rolling out Win7 clients.
The access layer is built on switches of type Catalyst 3560G-48-PoE, running IOS 2.2(53)SE2.
On certain switches we have the problem (only Win 7 clients; XPs do not cause this problem) that client MAC addresses are registered in VLAN 4 (Data-VLAN) as well as in VLAN 996 (Quarantine-VLAN).
switch#sh mac- int gi0/27
Mac Address Table
-----------------------------------------------------------------------------------
Vlan Mac Address Type Ports
------ ------------------- ------- --------
4 2c27.d71d.6279 STATIC Drop
996 2c27.d71d.6279 DYNAMIC Gi0/27
Total Mac Addresses for this criterion: 2
Unfortunately, the MAC addresses will never age out, which means that they keep this status until the switch is rebooted, which is basically not an ideal solution.
We are not able to connect another client to a port showing the above-mentioned status.
Has anyone faced something similar to this? What is causing this problem? How can we get rid of these MAC addresses without rebooting the switch?
Any hints are very much appreciated.
Best regards
RHUB
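A check for the symptom shown in the output above, as an added example that is not part of the original post: it parses "show mac address-table" text and flags any MAC that has a STATIC/Drop entry in one VLAN while also appearing in another VLAN. The function names and the third sample row are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches one entry row of "show mac address-table" output:
# VLAN, MAC (dotted hex), type, port.
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2})\s+(\S+)\s+(\S+)\s*$"
)

def parse_mac_table(text):
    """Return (vlan, mac, type, port) tuples; header and footer lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            rows.append((int(vlan), mac.lower(), kind.upper(), port))
    return rows

def find_stuck_macs(rows):
    """Flag MACs with a STATIC/Drop entry in one VLAN and an entry in another VLAN."""
    by_mac = defaultdict(list)
    for vlan, mac, kind, port in rows:
        by_mac[mac].append((vlan, kind, port))
    findings = {}
    for mac, entries in by_mac.items():
        drop_vlans = {v for v, k, p in entries if k == "STATIC" and p.lower() == "drop"}
        other = [e for e in entries if e[0] not in drop_vlans]
        if drop_vlans and other:
            findings[mac] = {"drop_vlans": sorted(drop_vlans), "other_entries": sorted(other)}
    return findings

# The first two entries are the ones from the post; the third is constructed
# (a client with a single, normal entry) to show that it is not flagged.
SAMPLE = """\
Vlan Mac Address Type Ports
------ ------------------- ------- --------
4 2c27.d71d.6279 STATIC Drop
996 2c27.d71d.6279 DYNAMIC Gi0/27
4 0011.2233.4455 STATIC Gi0/28
Total Mac Addresses for this criterion: 3
"""

if __name__ == "__main__":
    for mac, info in find_stuck_macs(parse_mac_table(SAMPLE)).items():
        print(mac, "dropped in VLAN", info["drop_vlans"], "also seen:", info["other_entries"])
```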
06-06-2012 05:44 AM
A quick fix is to enable "IP device tracking".
BTW, how is this change of VLAN performed, CoA? And if CoA, then reauth or port-bounce?
Port-bounce should also resolve these multiple MAC entries.
Thanks
06-06-2012 09:21 AM
Good evening,
Many thanks for your reply. "ip device tracking" would be the solution - that's exactly what I thought too, but we have had it enabled since we rolled out the 3560s many months ago.
This status occurs after a client is not able to authenticate successfully against ACS and therefore should be moved to the quarantine VLAN. The majority of clients not authenticating successfully are moved without any problems, but some of them show the problem.
Thanks and best regards
Roman