Meraki

Community

MS120 not learning MAC when access policy is selected

mjheaberlin
Conversationalist
‎Aug 14 2019 1:56 PM
‎Aug 14 2019 1:56 PM

MS120 not learning MAC when access policy is selected

I have MS120 switches that will not learn the MAC address of a specific device, a ShopperTrak, if the port's access policy is "MAC whitelist" or "Sticky MAC whitelist." If the policy is "Open," the switch will learn the MAC. The error displayed in the failing scenario is "Port not forwarding traffic due to access policy." But again, I don't see the MAC in the MAC forwarding table. Sticky MAC works just fine for ShopperTraks on Catalyst 3650s.

 

Does anyone have any experience with Meraki switches and ShopperTrak? Or has anyone had a similar issue with a different device?

 

Thanks

0 Kudos
5 Replies 5
jdsilva
Kind of a big deal
‎Aug 14 2019 2:30 PM
‎Aug 14 2019 2:30 PM

With "Mac Whitelist" it won't learn, you have to define it. But with Sticky it should learn and store the MAC... What are you setting the Whitelist Size to?

 

image.png

http://blog.brokennetwork.ca | @jdsilva
In response to jdsilva
mjheaberlin
Conversationalist
‎Aug 15 2019 5:49 AM
‎Aug 15 2019 5:49 AM

Size was set to 1 for sticky. Yes, I added the MAC address when set to MAC whitelist. Changed to Open and the switch learned the MAC. Switched back to the other two options, received the error below.

 

learned.JPGconfigured.JPGerror.JPG

In response to mjheaberlin
jdsilva
Kind of a big deal
‎Aug 15 2019 7:08 AM
‎Aug 15 2019 7:08 AM

You could try running a capture on the port and see what MACs are present. Maybe that device is doing something funky that doesn't show up with a Catalyst switch? 

 

Otherwise, it sounds like you're setting it up properly, so this one might need to be called into support so they can look at what's triggering the error. 

http://blog.brokennetwork.ca | @jdsilva
0 Kudos
In response to jdsilva
mjheaberlin
Conversationalist
‎Aug 15 2019 7:15 AM
‎Aug 15 2019 7:15 AM

Yeah, we have sticky on most of our ports. Works fine with other devices, and again, worked fine previously for ShopperTrak on the 3650s.

 

I do have a case open for this and just got this response moments ago:

"When the Access Policy is applied to the port, the switch locks the port down until the client device initiates the traffic. Without any traffic coming from the client device, the access policy cannot be validated and port remains shutdown."

 

This may explain the problem, but I'll have to confirm with our vendor. A server may pull the information from the host, rather than the host sending info.

 

I appreciate the responses, thanks!

In response to mjheaberlin
jdsilva
Kind of a big deal
‎Aug 15 2019 7:16 AM
‎Aug 15 2019 7:16 AM

@mjheaberlin wrote:

 

I do have a case open for this and just got this response moments ago:

"When the Access Policy is applied to the port, the switch locks the port down until the client device initiates the traffic. Without any traffic coming from the client device, the access policy cannot be validated and port remains shutdown."

Ah! That seems like a reasonable explanation to me. Thanks for sharing that response. Good to know.

http://blog.brokennetwork.ca | @jdsilva
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.