Hi,
today we had a very strange incident on some dot1x (MAB, host mode multi-auth) enabled switchports: After I deleted an unused VLAN on the VTP server, dozens of users suddenly lost their LAN connectivity.
As access switches we have many different platforms at this site, but the only ones affected were all of our c4500s (Supervisor IV, 15.0(2)SG4 IPBASE, ROM: 12.2(31r)SGA4, 100Base-FX linecards); no 2k/3k platforms were affected.
On the access-switches we saw:
- "show auth session int <int>" showed authentication successful (as normal)
- "show mac addr int <int>" showed the MAC-address entry in the expected VLAN (also as normal)
But on the core switch:
- "show mac addr addr <mac>" showed no result
- "show ip arp <mac>" showed an aging entry (>60 minutes); ping didn't work, nor did it refresh the ARP entry
Not understanding what was going on, we finally did a "clear auth sess interface <int>" on the access switches, and this solved the problem.
I now think this dot1x malfunction was somehow associated with the previous VLAN deletion.
We've been adding VLANs with no problems so far; deleting, in contrast, doesn't happen very often.
Does anybody know if this is a known issue/bug?
Thanks
Rolf