MAB uses the hardware address (MAC address) of the connecting device to authenticate it to the network.
Slots 7 & 8 (I disabled 8 because it was having the same errors as 7) are strictly 40g ports to connect the 95 chassis. MAC Authentication Bypass (MAB) is a method of network access authorization used for endpoints that cannot or are not configured to use 802.1x authentication.
The only thing connected to that switch is the main 9508 chassis. Here's the strange thing: Slot 7 is connected to a 9504 chassis (with FM-E fabric modules for 100g connections that we don't have yet) that isn't even in use yet. Multiply that by a few hundred people, and that's a lot of mac moves. We see a lot of mac moves on our core N9K-9508 (with standard FM fabric modules) because of multiple UniFi APs throughout multiple buildings, and when people move to a different part of a building or between buildings, that's a mac move. The solution is to set up each point to generate MAC Notification traps when a MAC address is added or removed from the network. in case of security violation and sticky address learning is disabled.
Because any Cluster member or SGM can transmit traffic using their own MAC and a shared IP address, the Cisco ACI switch thinks that the shared IP is constantly 'moving' to different MACs. When a MAC address, or a group of MAC addresses are configured to enable switch. I am seeing a lot of the following messages:

2020 Oct 15 06:10:07 NexCore %-SLOT7-5-BCM_L2_LEARN_DISABLE_MTM_FLOW_CTRL: MAC Learning Disabled unit=0
2020 Oct 15 06:10:07 NexCore %-SLOT7-5-BCM_L2_LEARN_DISABLE_MTM_FLOW_CTRL: MAC Learning Disabled unit=1
2020 Oct 15 06:10:07 NexCore %-SLOT7-5-BCM_L2_LEARN_DISABLE_MTM_FLOW_CTRL: MAC Learning Disabled unit=2
2020 Oct 15 06:10:07 NexCore %-SLOT7-5-BCM_L2_LEARN_ENABLE_MTM_FLOW_CTRL: MAC Learning Enabled unit=0
2020 Oct 15 06:10:07 NexCore %-SLOT7-5-BCM_L2_LEARN_ENABLE_MTM_FLOW_CTRL: MAC Learning Enabled unit=1
2020 Oct 15 06:10:07 NexCore %-SLOT7-5-BCM_L2_LEARN_ENABLE_MTM_FLOW_CTRL: MAC Learning Enabled unit=2

With 'Dataplane Endpoint Learning', the Cisco switches also learn about the network from the source IP and source MAC information in regular network traffic.