Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2513
Views
40
Helpful
6
Replies

ibns 2.0 fuji 16.9.3 mab is being removed from inf template & port during authentication with async .1x & mab authen policy

Go to solution
andy!doesnt!like!uucp
Spotlight
Spotlight

‎05-01-2019 10:18 AM - edited ‎02-21-2020 11:05 AM

Hi All (especially Cisco TAC :0)

testing async authentication policy on C9.3K running Fuji 16.9.3 i've found that in certain circumtains (in my case always) port with attached dot1x enabled endpoint totally fails & stops authentication, & as well it removes mab from the interface template (& derived config of port). Have anybody ever faced this crap?  

Labels:
3 Accepted Solutions

Accepted Solutions

Go to solution
Jozef Cmorej
Level 1
Level 1
In response to andy!doesnt!like!uucp

‎05-06-2019 12:55 AM

I have found the following bug ID in my mailbox:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj86626

Removing MAB from the interface is a consequence of the different bugs/issue related to this software with IBNS2.0.

Anyway, I would recommend opening a TAC Case as this is definitely not expected behaviour.

View solution in original post

Go to solution
andy!doesnt!like!uucp
Spotlight
Spotlight
In response to Jozef Cmorej

‎05-07-2019 11:41 PM

Hi Josef

i can see n workaround here with moving 'mab' on the interface config level. Seems it's not being removed with this approach, but we need to check as much scenarios as possible. Also can u drop here your ISE version?

tnx

View solution in original post

Go to solution
andy!doesnt!like!uucp
Spotlight
Spotlight

‎07-13-2019 03:34 AM

Hi Everyone
Cisco TAC's advice is to not code MAB in the dynamic interface templates. It must stick in static(original) template of the interface.
This advice was proven.
Thanks to everyone

View solution in original post

6 Replies 6

Go to solution
Jozef Cmorej
Level 1
Level 1

‎05-01-2019 10:00 PM

Hi,

I have encountered exactly the same behaviour. According to Cisco it's a bug and should be fixed in 16.11.

Bear in mind that IBNS 2.0 in combination with Fuji Code is full of bugs especially if you want to use dynamic interface templates. Hopefully, it will be fixed in upcoming releases otherwise I would stick to IBNS 1.0 if it still fulfils your requirements.

 

Go to solution
andy!doesnt!like!uucp
Spotlight
Spotlight
In response to Jozef Cmorej

‎05-02-2019 01:49 AM

Hi Josef

thanks for your input. could u pls may be add bug id as reference? I extremely need it to refer to while speaking to customer.

thanks in advance

 

Go to solution
Jozef Cmorej
Level 1
Level 1
In response to andy!doesnt!like!uucp

‎05-06-2019 12:55 AM

I have found the following bug ID in my mailbox:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj86626

Removing MAB from the interface is a consequence of the different bugs/issue related to this software with IBNS2.0.

Anyway, I would recommend opening a TAC Case as this is definitely not expected behaviour.

Go to solution
andy!doesnt!like!uucp
Spotlight
Spotlight
In response to Jozef Cmorej

‎05-07-2019 11:41 PM

Hi Josef

i can see n workaround here with moving 'mab' on the interface config level. Seems it's not being removed with this approach, but we need to check as much scenarios as possible. Also can u drop here your ISE version?

tnx

Go to solution
Jozef Cmorej
Level 1
Level 1
In response to andy!doesnt!like!uucp

‎05-08-2019 01:38 PM

ISE 2.3 initially, then 2.4, patch 6

0 Helpful

Go to solution
andy!doesnt!like!uucp
Spotlight
Spotlight

‎07-13-2019 03:34 AM

Hi Everyone
Cisco TAC's advice is to not code MAB in the dynamic interface templates. It must stick in static(original) template of the interface.
This advice was proven.
Thanks to everyone
Customers Also Viewed These Support Documents