Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

MAC Address Entries in CAS Untrusted Port


I am deploying NAC L2 OOB Central.
I'm in final configurations and int the moment all ports of  managed switchs are uncontrolled.
Vlan Map and Managed Subnets are configured.
When I run the command sh mac address-table interface at port of the switch where the untrusted port CAS is connected, I see several MAC-Address entries.
Why this occurs? This is a normal behavior?


Daniel Stefani

Everyone's tags (6)

Re: MAC Address Entries in CAS Untrusted Port


Hard to say without looking at it closely, but first thing that comes to mind is that if you have VLAN mapping configured on the CAS, it will actively bridge any packets it sees on the untrusted side (for the VLANs it's doing the mapping for) to the trusted side, and vice-versa. Perhaps you're seeing an effect of that?




If you find this post helpful, please rate so others can find the answer easily

New Member

Re: MAC Address Entries in CAS Untrusted Port

Hi Faisal,

I don't see negative effects. It was just a curiosity,  because they asked me and I could not answer clearly


Daniel Stefani

New Member

Re: MAC Address Entries in CAS Untrusted Port

Guys - I also see this and I am being queried buy the customer.  Basically I have the scenario that you mentioned using virtual gateway and vlan mapping but I am seeing dual mac-address entries within the switch mac-address table even after the SSO and posture validation has taken place and the client has been moved the MAC-Address for the CAS untrusted element is still known. 

I have the mac again-timer configured as recommended for 3600 seconds - can we be certain that having the switch know about the same mac-add from two different locations will not cause connectivity issues !

XXXXXXXXXX#sh mac address-table address 4061.86c1.3314

          Mac Address Table


Vlan    Mac Address       Type        Ports

----    -----------       --------    -----

  10    4061.abcd.3314    DYNAMIC     Po3 = Now Trusted Client

666    4061.abcd.3314    DYNAMIC     Gi1/0/10 = CAS

Total Mac Addresses for this criterion: 2

Any thoughts ?

CreatePlease login to create content