MAB problem on Catalyst 2960 Switch

ngtransge
Level 1

Hello,

 

I have a problem with 802.1X MAB authentication on Cisco WS-C2960-24PC-L switches. Here is the port configuration on the Cat 2960 switch:

 

interface FastEthernet0/2
 switchport access vlan 31
 switchport mode access
 authentication order mab
 authentication port-control auto
 authentication violation restrict
 mab
 dot1x pae authenticator
 storm-control broadcast level 40.00
 storm-control action shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
!

 

The problem is that as soon as I turn on authentication on the port, MAB starts running and is unable to detect the MAC address on the port. Also, when I check the port with the show mac add command, I am unable to see the MAC address. But the MAC address really exists on that port. When I turn off authentication on the port, I can see with the show mac add command that the MAC address exists on the port.

Here is the debug from the Cisco switch:

*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2) dot1x_pm_mda_port_link_linkcomingup: voice VLAN 4096, data VLAN 31
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2) Enabling dot1x in switch shim
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2)  set host access to ask on FastEthernet0/2
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2)  host access set to 1 on FastEthernet0/2
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2)  set host access to ask on FastEthernet0/2
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2)  host access set to 1 on FastEthernet0/2
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2) Link UP
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2) Assigned AAA ID 0x0000001D
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2) Retrieved Accounting Session ID 0x0000001D
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2) Allocated new Auth Manager context (handle 0x0500001A)
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2) Client 0000.0000.0000, Initialising Method mab state to 'Not run'
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2) Adding method mab to runnable list for Auth Mgr context 0x
*Mar  1 00:08:18.333: AUTH-EVENT: auth_mgr_idc_add_record: Recv audit_sid=C0A80E4A0000001A00079A9D
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2) Sending START to mab (handle 0x0500001A)
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2) Received handle 0x17000013 from method
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2) Client 0000.0000.0000, Context changing state from 'Idle' to 'Running'
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2) Client 0000.0000.0000, Method mab changing state from 'Not run' to 'Running'
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2) dot1x_mab_get_mac: We are going to start listening for macs on port FastEthernet0/8
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2) dot1x_mab_set_mac_sent: Listening for MAC on port FastEthernet0/2
*Mar  1 00:08:18.342: AUTH-EVENT (Fa0/2) dot1x_is_mab_interested_in_mac: Still waiting for a MAC on port FastEthernet0/2
*Mar  1 00:08:18.342: AUTH-EVENT (Fa0/2) dot1x_is_mab_interested_in_mac: Still waiting for a MAC on port FastEthernet0/82
*Mar  1 00:08:18.342: AUTH-EVENT (Fa0/2) Host access set to ask on unauthorized port since feature
*Mar  1 00:08:18.342: AUTH-EVENT (Fa0/2)  host access set to 1 on FastEthernet0/2
*Mar  1 00:08:18.342: AUTH-EVENT (Fa0/2) dot1x_is_mab_interested_in_mac: Still waiting for a MAC on port FastEthernet0/2
*Mar  1 00:08:18.342: AUTH-EVENT (Fa0/2) Host access set to ask on unauthorized port since feature
*Mar  1 00:08:18.342: AUTH-EVENT (Fa0/2)  host access set to 1 on FastEthernet0/2
*Mar  1 00:08:18.342: AUTH-EVENT (Fa0/2) dot1x_is_mab_interested_in_mac: Still waiting for a MAC on port FastEthernet0/2
*Mar  1 00:08:18.635: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to up

 

!
#show authentication sessions interface f0/2
Interface:  FastEthernet0/2
MAC Address:  Unknown
IP Address:  Unknown
Status:  Running
Domain:  UNKNOWN
Oper host mode:  single-host
Oper control dir:  both
Session timeout:  N/A
Idle timeout:  N/A
Common Session ID:  C0A80E4A0000001A00079A9D
Acct Session ID:  0x0000001D
Handle:  0x0500001A

Runnable methods list:
Method   State
mab      Running
!

 

I have checked a number of IOS versions, like 12.2.55-SE9, 15.0.2.-SE7, and 15.0.2.-SE6, but the same problem exists.

 

Can you please help me with that problem?
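
A triage script for AUTH-EVENT debug output like the one in the post above, added here as an example; it is not part of the original post or of any Cisco tooling. It reports ports where MAB is running but no client MAC was learned, and lists messages that name a different port than the line's interface tag. The names `triage` and `stuck_ports` and the abbreviation map are assumptions; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the debug output in the post.
SAMPLE = """\
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2) Client 0000.0000.0000, Method mab changing state from 'Not run' to 'Running'
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2) dot1x_mab_get_mac: We are going to start listening for macs on port FastEthernet0/8
*Mar  1 00:08:18.333: AUTH-EVENT (Fa0/2) dot1x_mab_set_mac_sent: Listening for MAC on port FastEthernet0/2
*Mar  1 00:08:18.342: AUTH-EVENT (Fa0/2) dot1x_is_mab_interested_in_mac: Still waiting for a MAC on port FastEthernet0/2
*Mar  1 00:08:18.342: AUTH-EVENT (Fa0/2) dot1x_is_mab_interested_in_mac: Still waiting for a MAC on port FastEthernet0/82
*Mar  1 00:08:18.635: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to up
"""

LINE = re.compile(r"AUTH-EVENT \((?P<tag>[A-Za-z]+)(?P<num>[\d/]+)\)\s+(?P<msg>.*)")
CLIENT = re.compile(r"Client ([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})", re.I)
# Assumed mapping from the short interface tag to the long name used in messages.
PREFIX = {"Fa": "FastEthernet", "Gi": "GigabitEthernet", "Te": "TenGigabitEthernet"}
NULL_MAC = "0000.0000.0000"  # placeholder the switch logs before a MAC is learned


def triage(text):
    """Summarise MAB state per port from AUTH-EVENT debug lines."""
    ports = defaultdict(
        lambda: {"mab_running": False, "waiting": 0, "macs": set(), "port_mismatch": []}
    )
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a per-port AUTH-EVENT line (e.g. %LINK-3-UPDOWN)
        full = PREFIX.get(m["tag"], m["tag"]) + m["num"]
        p, msg = ports[full], m["msg"].rstrip()
        if "Method mab changing state" in msg and msg.endswith("'Running'"):
            p["mab_running"] = True
        if "Still waiting for a MAC" in msg:
            p["waiting"] += 1
        c = CLIENT.search(msg)
        if c and c[1] != NULL_MAC:
            p["macs"].add(c[1].lower())
        named = re.search(r"on port (\S+)", msg)
        if named and named[1] != full:
            p["port_mismatch"].append(named[1])  # message names another port
    return dict(ports)


def stuck_ports(text):
    """Ports where MAB runs and keeps waiting but never sees a real MAC."""
    return sorted(port for port, p in triage(text).items()
                  if p["mab_running"] and p["waiting"] and not p["macs"])
```
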

3 Replies

mohanak
Cisco Employee
CSCtl42740

Symptom:

Switch may go in high CPU after losing connectivity with AAA server, with MAB and critical vlan enabled.

The logs are filled with these messages:
AUTH-EVENT (Gi0/15) Received clear security violation
AUTH-EVENT (Gi0/15) dot1x_is_mab_interested_in_mac: Still waiting for a MAC on port GigabitEthernet0/15

 

Update the IOS to

12.2(58)SE
12.2(55)SE3
15.0(4.1)SID

Hello mohanak,

 

Do you think that my problem is because of that bug? Because the bug references a different hardware platform and IOS.

nspasov
Cisco Employee

What type of device are you trying to authenticate on the port? Also, how long do you wait before you give up?

Thank you for rating helpful posts!