MAB/Dot1x priority vs. Runnable Methods list on 3650 switch

tlenzenh
Cisco Employee

Hi Team,

As part of some customer design testing I ran into some discrepancy on the switch config between the configured MAB/Dot1x priority and what the ‘show access-session interface’ output displays.

The configured priority is as follows:

policy-map type control subscriber SCUH-IDENTITY-POLICY
 event session-started match-all
  10 class always do-until-failure
   10 authenticate using mab priority 10
   20 authenticate using dot1x priority 20

However the output of ‘show access-session interface’ seems to indicate Dot1x has priority.

C3650#show access-session int g1/0/19

Interface    MAC Address    Method  Domain  Status Fg Session ID
----------------------------------------------------------------------
Gi1/0/19     10dd.b1ec.6913 dot1x   DATA    Auth      C0A8010100000FB1001EBEDC
Gi1/0/19     0026.0bd7.0890 dot1x   VOICE   Auth      C0A8010100000FB0001D38DC
Gi1/0/19     0050.5639.83f3 mab     DATA    Auth      C0A8010100000FB2001EBEE6

Key to Session Events Blocked Status Flags:

  A - Applying Policy (multi-line status for details)
  D - Awaiting Deletion
  F - Final Removal in progress
  I - Awaiting IIF ID allocation
  N - Waiting for AAA to come up
  P - Pushed Session
  R - Removing User Profile (multi-line status for details)
  U - Applying User Profile (multi-line status for details)
  X - Unknown Blocker

Runnable methods list:
  Handle  Priority  Name
    16       5      dot1x
    19       10     mab
    23       15     webauth

C3650#

Can someone explain what the output of ‘show access-session interface’ is based on? Is this a bug or am I reading this incorrectly and one has nothing to do with the other?

Thanks

Thomas

1 Accepted Solution

Timothy Abbott
Cisco Employee

Thomas,

This looks like a bug to me. What is the code version the customer is running on the switch? Are you able to verify that MAB occurs first instead of 802.1X? It might be best to have TAC look at it as well.

Regards,

-Tim
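
To check saved configs and captured output for the discrepancy discussed in this thread, the following added example (not part of the original posts and not Cisco tooling) parses the `authenticate using ... priority` lines and the "Runnable methods list" table and reports where they disagree. The sample text is copied from the thread; the function names are hypothetical, and sorting by ascending priority number is only a convention used for the comparison.

```python
import re

# Sample input copied from the config and CLI output quoted in the thread.
CONFIG = """\
policy-map type control subscriber SCUH-IDENTITY-POLICY
 event session-started match-all
  10 class always do-until-failure
   10 authenticate using mab priority 10
   20 authenticate using dot1x priority 20
"""

SHOW_OUTPUT = """\
Runnable methods list:
  Handle  Priority  Name
    16       5      dot1x
    19       10     mab
    23       15     webauth
"""

def configured_priorities(config):
    """Return {method: priority} from 'authenticate using <method> ... priority <n>' lines."""
    pat = re.compile(r"authenticate using (\S+)\b.*?\bpriority (\d+)")
    return {m.group(1): int(m.group(2)) for m in pat.finditer(config)}

def runnable_priorities(output):
    """Return {method: priority} from the rows under 'Runnable methods list:'."""
    _, _, table = output.partition("Runnable methods list:")
    rows = re.findall(r"^[ \t]*\d+[ \t]+(\d+)[ \t]+(\S+)[ \t]*$", table, re.M)
    return {name: int(prio) for prio, name in rows}

def compare(config, output):
    """Compare method ordering (ascending priority number) in config vs. switch output."""
    cfg, run = configured_priorities(config), runnable_priorities(output)
    common = sorted(set(cfg) & set(run))  # methods present in both sources
    return {
        "configured_order": sorted(common, key=cfg.get),
        "runnable_order": sorted(common, key=run.get),
        "value_mismatch": {m: (cfg[m], run[m]) for m in common if cfg[m] != run[m]},
    }

if __name__ == "__main__":
    print(compare(CONFIG, SHOW_OUTPUT))
```

A non-empty `value_mismatch`, or differing orders, flags an interface whose displayed list does not reflect the policy-map; it does not show which method the switch actually attempts first, which still has to be verified on the port as suggested in the reply.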
