Customer has one S2700, which one server connects to. They found that there is no MAC address under that interface. Configuration under that interface is below:
port hybrid tagged vlan 1999
mac-limit maximum 1 alarm disable
undo ntdp enable
undo ndp enable
dhcp snooping check dhcp-request enable
dhcp snooping check dhcp-chaddr enable
Check the configuration. We confirmed that it's a normal behavior for S2700 switch not to populate the CAM table when the packet was dropped by switch at layer 3 due to mismatch with DHCP-Snooping static user-bind, and the mac-limit maximum 1 alarm disable is configured at switch port.
The mac-limit maximum 1 alarm disable command makes a difference. Once it's used at a port, in combination with ip source check user-bind enable and DHCP-Snooping static user-bind, the matched source packet will be sent to CPU for MAC address learning, MAC learning can goes normally, and for those mismatched source packets, they will be dropped before they can be sent to CPU for MAC learning, thusly, no CAM table will be populated.
If the mac-limit maximum 1 alarm disable command is removed from port configuration, then MAC learning will be done by ASIC chips rather than the CPU, and even for those mismatched source packets, the MAC learning will be done by ASIC chips before they were dropped, thusly, MAC table will still be populated.