02-03-2011 12:17 PM - edited 03-06-2019 03:20 PM
Very strange problem... when we put a port back onto a static access VLAN port from an 802.1x configured port (basically removing the 802.1x configuration on the port and reconfiguring it back to a static access VLAN port), the host on the port can no longer get an IP address or have network access, although the port status shows up.
Any idea why this 802.1x configured port on a Cisco 3560 switch is behaving like this?
We have to do a reload on the switch in order to allow the host on that port to communicate to the network.
02-06-2011 03:25 PM
Hey,
As for getting the IP, maybe the DHCP deadtimer has already timed out because there was no link DOWN/UP during the reconfiguration.
If not, maybe the state of the port is not "clear" or "good" so try this:
dot1x re-authenticate interface fastethernet0/1
If that works, you can configure the switch to do it automatically every x seconds.
This example shows how to enable periodic re-authentication and set the number of seconds between re-authentication attempts to 4000:
Switch(config)# dot1x timeout re-authperiod 4000
Switch(config)# dot1x re-authentication
02-07-2011 10:54 AM
I have tried to manually reauthenticate the port, but it still stays in a port up, protocol up state and just will not give out DHCP addresses or network access.
Very strange problem.
02-08-2011 05:36 AM
What happens if you shut / no shutdown the port?
02-08-2011 09:39 AM
If we do a manual shutdown and no shutdown, the interface is up, protocol is up, and the host still can't get an address.
It looks like the port is completely fine, but no DHCP addresses get issued on the port. It's the strangest thing.
02-08-2011 08:01 AM
We had this issue as well and contacted TAC and it ended up being the version of code we were running on the switches. What version IOS are you running? I know it was fixed with the latest release.
02-08-2011 09:42 AM
Chris
This is the version we are running
12.2(55)SE
Your issue was identical to this as well?
02-08-2011 09:51 AM
Yes it was the same issue on the same version of code 12.2(55)SE. It was an issue on my 3750's and 3560's. I could get a device to authenticate and pull an ip address fine but when I removed that device and plugged in another device on the same port it would authenticate but not pull an ip address. I had to put my switches back to 12.2(50)SE3 to get it to work properly. Cisco had me test all the versions in between until I found one that worked. I have been testing 12.2(55)SE1 on my 3750X since it released and I have not had that issue anymore on that switch.
02-08-2011 10:07 AM
Chris
The way we have been simulating the issue is by leaving the host plugged in.
1) Remove all the dot1x commands on the interface
2) Re-add the static access VLAN commands on the interface
3) Test it (Still no address for host even a manual dhcp renewal)
4) Shut the port down and turn the port back up (Still no address for host even a manual dhcp renewal)
The port doesn't work until you run a reload on the switch....
02-08-2011 12:21 PM
That sounds pretty similar to the issues I had. My port wouldn't work until a reload as well. I would try updating your IOS first to the latest one. The TAC engineer did find a bug in that code when we were troubleshooting and I do believe it was related to my issues that are the same or very similar to yours. Let me know if that resolves your issues.
02-08-2011 03:17 PM
I will try upgrading the version, but the version we are on is pretty much the latest version... I think there is one new version, which I will upgrade to.
02-14-2011 01:04 PM
Seems the issue does get resolved by updating the firmware from 12.255SE to 12.255SE1
Thanks all