MAC Address Not Learning in Correct VLAN
Presenting Symptom
A host in VLAN 10 cannot communicate with the default gateway, and the switch does not show the host's MAC address in the MAC address table for VLAN 10.
Network Context
This issue occurs in a small branch office with a single Cisco Catalyst 2960 switch running IOS 15.0. The switch has multiple VLANs configured: VLAN 10 (data) and VLAN 20 (voice). The host is connected to an access port that should be assigned to VLAN 10. The switch is connected to a router-on-a-stick for inter-VLAN routing. The problem is that the host's MAC address is not learned in VLAN 10, but it appears in VLAN 1 (default VLAN).
Diagnostic Steps
Check the MAC address table for the host's MAC
show mac address-table | include <host-mac>
If the MAC is learned in the wrong VLAN, output might show: VLAN 1, Fa0/1. If not learned at all, no output.
If the MAC appears in VLAN 1 instead of VLAN 10, the port is likely in the wrong VLAN. If no output, the switch is not receiving frames from the host.
Verify the access port configuration
show running-config interface <interface>
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
Check if the port is configured as access and assigned to VLAN 10. If the access VLAN is missing or set to 1, that's the root cause.
Check the VLAN configuration and existence
show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, ...
10   Data                             active    Fa0/1
20   Voice                            active    ...
Ensure VLAN 10 exists and is active. If VLAN 10 is not listed, it needs to be created. Also verify that the port is listed under VLAN 10.
Check for port security or MAC address filtering
show port-security interface <interface>
Port Security : Disabled
If enabled, output shows maximum MAC addresses, current count, and violation mode.
If port security is enabled and the host MAC is not allowed, the port may be in err-disable or dropping frames. Look for violation counts or sticky MAC addresses.
Root Cause
The access port was misconfigured with 'switchport access vlan 1' instead of 'switchport access vlan 10'. This caused the switch to place the host's MAC address in VLAN 1, preventing communication with the VLAN 10 default gateway.
Resolution
Verification
Verify the MAC address is now learned in VLAN 10:
show mac address-table | include <host-mac>
Expected output:
10 aaaa.bbbb.cccc DYNAMIC Fa0/1
Also verify connectivity by pinging the default gateway from the host.
Prevention
1. Use consistent VLAN numbering and document access port assignments.
2. Implement VLAN configuration templates or scripts to avoid manual errors.
3. Use 'show vlan brief' and 'show mac address-table' as part of change validation.
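The change-validation check from items 2 and 3 above, as an added example (not part of the original page): it parses 'show mac address-table' output and compares each dynamically learned entry with a documented port-to-VLAN plan. The sample output, the plan, and the function names are constructed for illustration; it assumes one access VLAN per port, so a port that also carries a voice VLAN would need the plan extended.

```python
import re

# Constructed sample of 'show mac address-table' output (not captured from a real switch).
SAMPLE_MAC_TABLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    aaaa.bbbb.cccc    DYNAMIC     Fa0/1
  10    1111.2222.3333    DYNAMIC     Fa0/2
  20    4444.5555.6666    DYNAMIC     Fa0/3
  10    0011.2233.4455    STATIC      Gi0/1
Total Mac Addresses for this criterion: 4
"""

# Hypothetical documented access-port plan: port -> intended access VLAN.
INTENDED = {"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 20, "Fa0/4": 10}

# One table row: VLAN id, dotted-hex MAC, entry type, port.
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)

def parse_mac_table(text):
    """Return (vlan, mac, type, port) tuples; headers and 'All' rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2).lower(), m.group(3).upper(), m.group(4)))
    return rows

def validate(text, intended):
    """Compare learned entries with the plan; return a sorted list of findings."""
    findings, seen = [], set()
    for vlan, mac, kind, port in parse_mac_table(text):
        if kind != "DYNAMIC" or port not in intended:
            continue  # ignore static entries and ports outside the plan (e.g. trunks)
        seen.add(port)
        if vlan != intended[port]:
            findings.append(f"{port}: {mac} learned in VLAN {vlan}, expected VLAN {intended[port]}")
    for port in sorted(set(intended) - seen):
        findings.append(f"{port}: no MAC learned (host silent, port down, or frames dropped)")
    return sorted(findings)

if __name__ == "__main__":
    for finding in validate(SAMPLE_MAC_TABLE, INTENDED):
        print(finding)
```

A port reported with no MAC learned is not necessarily misconfigured; follow the diagnostic steps above (interface configuration, VLAN existence, port security) before changing anything.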
CCNA Exam Relevance
On the CCNA 200-301 exam, this scenario tests VLAN configuration and troubleshooting. Expect multiple-choice questions where you must identify why a MAC address is not in the correct VLAN, or drag-and-drop steps to fix the issue. Key fact: Access ports must be explicitly assigned to a VLAN; otherwise, they default to VLAN 1.
Exam Tips
Remember that 'switchport access vlan' must be configured; the default VLAN is 1.
Use 'show mac address-table' to verify VLAN assignment; if MAC appears in VLAN 1, the port is likely in the default VLAN.
Always check the running configuration of the interface; 'show running-config interface' is your friend.
Commands Used in This Scenario
show mac address-table
Displays the MAC address table (also known as CAM table) on a switch, showing which MAC addresses are learned on which VLAN and port, used to verify Layer 2 forwarding and detect issues like MAC flooding or incorrect port assignments.
show vlan brief
Displays a summary of all VLANs configured on the switch, including VLAN ID, name, status, and ports, used to quickly verify VLAN configuration and port assignments.