...
MAC address learned in the wrong VLAN as a result of residue left after dynamic VLAN assignment. The issue happens on an intermittent basis at multiple locations, once per day or every couple of days.

Example of a problematic state:

switch#sh mac address-table interface Gig 2/0/1
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  81    xxxx.xxxx.bc4e    DYNAMIC     Gi2/0/1    <<<< this mac address should be learned in native vlan

switch#sh run interface Gig 2/0/1
!
interface GigabitEthernet2/0/1
 description CISCO WLAN AP
 switchport trunk native vlan 3004    <<< native vlan 3004
 switchport mode trunk
 switchport nonegotiate
 ip flow monitor IPv4_NETFLOW input
 load-interval 30
 ipv6 nd raguard
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 no snmp trap link-status
 storm-control broadcast level pps 1k
 storm-control multicast level pps 50k
 storm-control action shutdown
 macro description AP_CONNECTED-MAB
 no keepalive
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
 ip dhcp snooping limit rate 500
end

switch#show access-session int gig 2/0/1
Runnable methods list:
 Handle  Priority  Name
   12        5     dot1xSup
    8        5     dot1x
   13       10     webauth
   11       15     mab

switch#show monitor capture tac buffer detailed | b Frame 7:
Frame 7: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: xx:xx:xx:xx:bc:4e (xx:xx:xx:xx:bc:4e), Dst: Cisco_28:09:c4 (xx:xx:xx:xx:09:c4)    <<< end Cu traffic is coming without vlan header thus the mac address should be learned in vlan 3004 not 81 !!!
    Destination: Cisco_xx:09:c4 (xx:xx:xx:xx:09:c4)
        Address: Cisco_xx:09:c4 (xx:xx:xx:xx:09:c4)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: xx:xx:xx:xx:bc:4e (xx:xx:xx:xx:bc:4e)
        Address: xx:xx:xx:xx:bc:4e (xx:xx:xx:xx:bc:4e)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: ARP (0x0806)
    Padding: 000000000000000000000000000000000000
Address Resolution Protocol (request)
    Hardware type: Ethernet (1)
    Protocol type: IPv4 (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (1)

The issue was found on the C3850 platform running version 16.12.4, on ports where APs are connected. Smart macros and access-session are enabled on all ports. The problem was not happening when the end customer was using version 16.6.6.

1) shut/no shut of the affected port
2) Clear the authentication session on the problematic port
3) Disable smart macros at the global level, which disables access-session

++ HW programming of the native VLAN on the problematic interface is fine

switch#show platform hardware fed switch 2 vlan 3004 ingress
VLAN STP State in hardware
vlan id is:: 3004
Interfaces in forwarding state: : Gi2/0/46(Untagged), Gi2/0/48(Untagged), Gi2/1/1(Tagged), Gi2/0/1(Untagged), Gi2/0/4(Untagged), Gi2/0/3(Untagged)
flood list: : Gi2/0/46, Gi2/0/48, Gi2/1/1, Gi2/0/1, Gi2/0/4, Gi2/0/3

++ The issue has been narrowed down to incorrect programming of the MAC address as a result of the access-session of the problematic MAC

switch# conf t
switch(conf)# service internal

switch#show access-session internal mac xxxx.xxxx.bc4e
Auth Manager Context values
-----------------------------
Client if id : 0x1D4516FA    <<<<<<< the mac is associated with the interface having the ID 0x1D4516FA

switch#show platform software fed switch 2 ifm if-id 0x1D4516FA
Interface IF_ID : 0x000000001d4516fa
Interface Name : C491067130
Interface Block Pointer : 0xffde076f08
Interface Block State : READY
Interface State : Enabled
Interface Status : ADD
Interface Ref-Cnt : 2
Interface Type : WIRED_CLIENT
mac : xxxx.xxxx.bc4e
parent if_id : 0x0000000000000040 GigabitEthernet2/0/1
Client if_id : 0x000000001d4516fa
Client type : 1
Switch Num : 2
ASIC Num : 1
Client LE : 0xffde2c6ca8    <<<--- HW programming of the authentication session

switch#show platform hardware fed switch 2 fwd-asic abstraction print-resource-handle 0xffde2c6ca8 1 | i VLAN
LEAD_CLIENT_CLIENT_VLAN value 81 Pass    <<<<<<<------ this VLAN (81) value overwrites the native vlan settings.
LEAD_CLIENT_CLIENT_VLAN_OVERRIDE value 1 Pass    <<<<<<<----- this BIT is set ON means overwrite is enabled
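
The comparison made above (native VLAN from the running config against the client VLAN and override bit in the FED resource handle) can be scripted to flag affected ports for review. This is an added example, not part of the original report or any Cisco tooling; the function names are hypothetical, the sample input is constructed from the excerpts quoted above, and it assumes the field lines appear in that same form.

```python
import re

# Constructed sample input, taken from the output lines quoted in this report.
RUN_CFG = """\
interface GigabitEthernet2/0/1
 description CISCO WLAN AP
 switchport trunk native vlan 3004
 switchport mode trunk
end
"""
FED_HANDLE = """\
LEAD_CLIENT_CLIENT_VLAN value 81 Pass
LEAD_CLIENT_CLIENT_VLAN_OVERRIDE value 1 Pass
"""

def native_vlan(run_cfg):
    """Return the trunk native VLAN, or None if the port is not a trunk."""
    if not re.search(r"^\s*switchport mode trunk\s*$", run_cfg, re.M):
        return None
    m = re.search(r"^\s*switchport trunk native vlan (\d+)", run_cfg, re.M)
    return int(m.group(1)) if m else 1  # native VLAN defaults to 1 when unset

def client_vlan_fields(fed_output):
    """Extract the LEAD_CLIENT_CLIENT_VLAN* fields as {name: int}."""
    pattern = r"\b(LEAD_CLIENT_CLIENT_VLAN(?:_OVERRIDE)?)\s+value\s+(\d+)"
    return {name: int(value) for name, value in re.findall(pattern, fed_output)}

def check_override(run_cfg, fed_output):
    """Flag a client entry whose VLAN override conflicts with the native VLAN."""
    native = native_vlan(run_cfg)
    fields = client_vlan_fields(fed_output)
    vlan = fields.get("LEAD_CLIENT_CLIENT_VLAN")
    override = fields.get("LEAD_CLIENT_CLIENT_VLAN_OVERRIDE", 0)
    # Residue as described in this report: override bit set, VLAN differs from native.
    stale = (native is not None and override == 1
             and vlan is not None and vlan != native)
    return {"native_vlan": native, "client_vlan": vlan,
            "override": override, "stale_override": stale}

if __name__ == "__main__":
    print(check_override(RUN_CFG, FED_HANDLE))
```

A flagged entry is a candidate for the workarounds listed above; on ports where clients are expected to receive a dynamically assigned VLAN, a mismatch alone is not proof of the defect.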