cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
511
Views
20
Helpful
6
Replies
Beginner

ibns 2.0 fuji 16.9.3 mab is being removed from inf template & port during authentication with async .1x & mab authen policy

Hi All (especially Cisco TAC :0)

testing async authentication policy on C9.3K running Fuji 16.9.3 i've found that in certain circumtains (in my case always) port with attached dot1x enabled endpoint totally fails & stops authentication, & as well it removes mab from the interface template (& derived config of port). Have anybody ever faced this crap?  

Everyone's tags (1)
2 ACCEPTED SOLUTIONS

Accepted Solutions
Beginner

Re: ibns 2.0 fuji 16.9.3 mab is being removed from inf template & port during authentication with async .1x & mab authen policy

I have found the following bug ID in my mailbox:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj86626

Removing MAB from the interface is a consequence of the different bugs/issue related to this software with IBNS2.0.

Anyway, I would recommend opening a TAC Case as this is definitely not expected behaviour.

Beginner

Re: ibns 2.0 fuji 16.9.3 mab is being removed from inf template & port during authentication with async .1x & mab authen policy

Hi Everyone
Cisco TAC's advice is to not code MAB in the dynamic interface templates. It must stick in static(original) template of the interface.
This advice was proven.
Thanks to everyone
6 REPLIES 6
Beginner

Re: ibns 2.0 fuji 16.9.3 mab is being removed from inf template & port during authentication with async .1x & mab authen policy

Hi,

I have encountered exactly the same behaviour. According to Cisco it's a bug and should be fixed in 16.11.

Bear in mind that IBNS 2.0 in combination with Fuji Code is full of bugs especially if you want to use dynamic interface templates. Hopefully, it will be fixed in upcoming releases otherwise I would stick to IBNS 1.0 if it still fulfils your requirements.

 

Beginner

Re: ibns 2.0 fuji 16.9.3 mab is being removed from inf template & port during authentication with async .1x & mab authen policy

Hi Josef

thanks for your input. could u pls may be add bug id as reference? I extremely need it to refer to while speaking to customer.

thanks in advance

 

Beginner

Re: ibns 2.0 fuji 16.9.3 mab is being removed from inf template & port during authentication with async .1x & mab authen policy

I have found the following bug ID in my mailbox:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj86626

Removing MAB from the interface is a consequence of the different bugs/issue related to this software with IBNS2.0.

Anyway, I would recommend opening a TAC Case as this is definitely not expected behaviour.

Highlighted
Beginner

Re: ibns 2.0 fuji 16.9.3 mab is being removed from inf template & port during authentication with async .1x & mab authen policy

Hi Josef

i can see n workaround here with moving 'mab' on the interface config level. Seems it's not being removed with this approach, but we need to check as much scenarios as possible. Also can u drop here your ISE version?

tnx

Beginner

Re: ibns 2.0 fuji 16.9.3 mab is being removed from inf template & port during authentication with async .1x & mab authen policy

ISE 2.3 initially, then 2.4, patch 6

Beginner

Re: ibns 2.0 fuji 16.9.3 mab is being removed from inf template & port during authentication with async .1x & mab authen policy

Hi Everyone
Cisco TAC's advice is to not code MAB in the dynamic interface templates. It must stick in static(original) template of the interface.
This advice was proven.
Thanks to everyone