Solved: Force authentication on newly configured port

jeremy.hinton · ‎01-29-2020

When first configuring authentication on a switch (in this case a 2960X running 15.2(2)E10), how can you authenticate a port for the first time without bouncing it? I've got a port that is already up, with a device connected, and no authentication configured. When I then configure dot1x/mab on the port, it stays up and running without attempting to authenticate. In order for the initial authentication to happen, I have to bounce the port. I'm trying to find a way to just have a newly configured port authenticate without having to bounce it first. I've tried clearing authentication on the port, clearing mac addresses, setting it to force-authorized, nothing seems to work.

The issue is, if I have to bounce the port, it cuts PoE to any phone attached and causes a multi-minute outage. Since our initial rollout is low-impact mode with authentication open, if I can force a newly configured port to authenticate without a bounce, I can do it non-disruptively and outside of a maintenance window. Any suggestions?

Colby LeMaire · ‎01-29-2020

Usually I would recommend to clear the sessions on the port using "clear auth sess int gx/y" but it sounds like you already tried that. What about removing the "dot1x port-control auto" command and then putting back in?

View solution in original post

Colby LeMaire · ‎01-29-2020

Usually I would recommend to clear the sessions on the port using "clear auth sess int gx/y" but it sounds like you already tried that. What about removing the "dot1x port-control auto" command and then putting back in?

jeremy.hinton · ‎01-29-2020

It was "authentication port-control auto", but that did it. Thank you very much!

Colby LeMaire · ‎01-29-2020

Excellent, glad that worked!