12-09-2017 03:42 AM - last edited on 03-25-2019 04:46 PM by ciscomoderator
After upgrading to version 15.2.2 E7 i have problem when running mac authentication with port security
ex: i have pc with mac 1077.b159.0623 which authenticate from radius server (Aruba clearpass version 6.6.8.1000017 ) assign it in vlan 141
commands on interface :
switchport mode access
switchport port-security mac-address sticky
switchport port-security mac-address sticky 1077.b159.0623 vlan voice
duplex full
authentication order mab
authentication priority mab
authentication port-control auto
authentication periodic
authentication violation restrict
mab
storm-control broadcast level 1.00
spanning-tree portfast
spanning-tree bpduguard enable
1. when i enable port security with mac authentication (maximum mac address 2 ) it show that the mac address in vlan voice although it is not in vlan voice , in the radius server show that this mac address was already accepted and assigned already in vlan 141
switchport port-security mac-address sticky 1077.b159.0623 vlan voice
2. but if i enable mac add with maximum 1 for port security the interface is in error-disable mode
#show inter g4/0/21 status
Port Name Status Vlan Duplex Speed Type
Gi4/0/21 err-disabled 1 full auto 10/100/1000BaseTX
12-09-2017 05:28 AM
Hello.
is that a standalone switch, or part of a stack ?
12-09-2017 05:32 AM
part of stack
12-09-2017 05:45 AM - edited 12-09-2017 05:47 AM
Hello,
you could be hitting one of the bugs below:
Port-security not working after upgrade to 152-2.E7 on 2960X stack.
CSCvg85032
Description
Symptom:
2960X stacks running 15.2(2)E7 having port-security enabled.
Conditions:
Upgrading to 152-2.E7 with port-security configured.
Workaround:
Removing the port-security on the port resolves the issue.
MAC synch is not working on stack of 2960x when port-security enabled
CSCvg64424
Description
Symptom:
Switch does not learn MAC address on ports where port security is enabled.
Conditions:
2960X stacked running 15.2(2)E6
Workaround:
Remove port-securityfrom ports
12-09-2017 06:03 AM
Thanks for your help
I want to notify you that the port security already working well when i assign the port in access vlan 141 manually
but when i run mac authentication with port security the issue happen, i want to run mac authentication with port security in the same time.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: