09-25-2018 10:05 AM
We have dot1x/mab up and running and seem to have an odd issue that puts the port into an error state. We've set the port to auto-recover after 60s which it does and then runs for quite a while and then errors out again at different intervals.
Log shows:
%AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet0/9 new MAC address (900a.a006.2d00) is seen.AuditSessionID Unassigned
even though it's the same phone/pc on the port. The switch is an old 3560G running 15.0.10 which we are using for testing prior to putting dot1x/mab into production.
Any idea of what could be causing this to happen?
09-25-2018 10:08 AM
09-28-2018 11:48 PM
Hi,
Please check whether port security is enabled on the interface or not. Port security won’t play well with 802.1X as both are L2 security.
You can refer to the document below: https://community.cisco.com/t5/security-documents/top-ten-mis-configured-cisco-ios-switch-settings-for-ise/ta-p/3643912#toc-hId--1079758048
03-24-2022 07:43 AM
In a similar case I ran into, there was a hub connected to the port. I identified 2 MACs coming from the port, with the second one being dropped, because my configuration has this enabled:
authentication violation restrict
To see the MACs:
sh mac address-table interface
03-24-2022 10:55 AM
Hi,
There are 3 things you should check:
- the port is in multi-domain mode if using a PC and phone connected to the same port (authentication host-mode multi-domain)
- authentication violation replace command exists on the interface
- authentication mac-move permit command was configured (global config)
BR,
Octavian
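A triage helper for the violation message quoted in the first post, as an added example that is not part of the thread or any poster's code. It groups the violations by interface and separates MACs that belong on the port from unknown ones: a MAC that belongs there points toward the host-mode and violation settings listed in the replies, while an unknown MAC points toward an extra device such as the hub mentioned above. The `EXPECTED` inventory, the second MAC on Gi0/9, the Gi0/12 entry and all timestamps are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches the AUTHMGR violation message from the thread; any timestamp prefix is ignored.
VIOLATION = re.compile(
    r"%AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface "
    r"(?P<intf>\S+) new MAC address \((?P<mac>[0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2})\)"
)

def summarize(lines, expected):
    """Count violations per interface and MAC, split into MACs that are
    expected on the port and MACs that are not.

    expected: dict of interface -> set of MACs in Cisco dotted form
              (a hypothetical inventory supplied by the operator).
    """
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = VIOLATION.search(line)
        if m:
            counts[m["intf"]][m["mac"].lower()] += 1
    report = {}
    for intf, macs in counts.items():
        known = {x.lower() for x in expected.get(intf, ())}
        report[intf] = {
            "expected": {mac: n for mac, n in macs.items() if mac in known},
            "unexpected": {mac: n for mac, n in macs.items() if mac not in known},
        }
    return report

# Constructed sample log: the message text follows the line quoted in the thread,
# everything else (timestamps, second interface, other MACs) is made up.
MSG = ("{} %AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface {} "
       "new MAC address ({}) is seen.AuditSessionID Unassigned")
SAMPLE_LOG = [
    MSG.format("Sep 25 09:41:07:", "GigabitEthernet0/9", "900a.a006.2d00"),
    MSG.format("Sep 25 09:58:30:", "GigabitEthernet0/9", "900A.A006.2D00"),
    MSG.format("Sep 25 10:02:11:", "GigabitEthernet0/12", "aaaa.bbbb.cccc"),
    "Sep 25 10:03:00: %LINK-3-UPDOWN: Interface GigabitEthernet0/9, changed state to up",
]
EXPECTED = {"GigabitEthernet0/9": {"900a.a006.2d00", "0011.2233.4455"}}

if __name__ == "__main__":
    for intf, result in summarize(SAMPLE_LOG, EXPECTED).items():
        print(intf, result)
```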