Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4265
Views
0
Helpful
7
Replies

Cisco 2960X with dot1x - %PM-3-INTERNALERROR: Port Manager Internal Software Error (!pm_vtpvlan_bitlist_test(&pd->operInfo.trunkVlans, vlan):

rrsstefano
Level 1
Level 1

‎08-31-2017 06:24 AM - edited ‎03-08-2019 11:54 AM

Hi all,

 

I want to ask community for a suggestion regarding a potential problem noted on a stack of 2960x with

Cisco IP Phones and PCs connected behind phones

 

Some customers informed us that, sporadically , the PC behind phone is not able to authenticate itself through dot1x while the ip phone is correctly authenticated.

The solution seems to unplug/plug again the ip phone; during automatical retries to authenticate apper on switch logs messages like this :

 

Aug 31 07:34:06.341: %DOT1X-5-FAIL: Authentication failed for client (b4b5.2fc2.a09b) on Interface Gi2/0/4 AuditSessionID 0A47F045000001121F45FED3
Aug 31 07:34:06.509: %MAB-5-FAIL: Authentication failed for client (b4b5.2fc2.a09b) on Interface Gi2/0/4 AuditSessionID 0A47F045000001121F45FED3
Aug 31 07:35:09.785: %DOT1X-5-FAIL: Authentication failed for client (b4b5.2fc2.a09b) on Interface Gi2/0/4 AuditSessionID 0A47F045000001131F46F6A9
Aug 31 07:35:09.946: %MAB-5-FAIL: Authentication failed for client (b4b5.2fc2.a09b) on Interface Gi2/0/4 AuditSessionID 0A47F045000001131F46F6A9
Aug 31 07:35:45.741: %DOT1X-5-FAIL: Authentication failed for client (b4b5.2fc2.a09b) on Interface Gi2/0/4 AuditSessionID 0A47F045000001131F46F6A9
Aug 31 07:36:09.523: %PM-3-INTERNALERROR: Port Manager Internal Software Error (!pm_vtpvlan_bitlist_test(&pd->operInfo.trunkVlans, vlan): ../switch/pm/pm_vlan.c: 1749: pm_vlan_add_port)
-Traceback= 555EECz 2ADAFB0z 2B57C00z 2B1E328z 2553144z 256176Cz 2561A78z 2561F74z 2563838z 2580168z 2581D40z 18A1FD0z 18804C0z 18847C8z 1EA0558z 1884734z

 

In normal condition we see :

 

#show mac address-table interface gigabitEthernet 2/0/4
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 102    b4b5.2fc2.a09b    STATIC      Gi2/0/4
 202    f866.f2f6.dc37    STATIC      Gi2/0/4
Total Mac Addresses for this criterion: 2

 

where

 

vlan 102 : data vlan

vlan 202 : voice vlan

 

interface GigabitEthernet2/0/4
 description verso presa Lan Telefono IP + PC
 switchport access vlan 102
 switchport mode access
 switchport voice vlan 202
 srr-queue bandwidth share 10 10 20 60
 queue-set 2
 priority-queue out
 authentication control-direction in
 authentication event fail action authorize vlan 999
 authentication event server dead action authorize vlan 102
 authentication event server dead action authorize voice
 authentication event no-response action authorize vlan 999
 authentication event server alive action reinitialize
 authentication host-mode multi-domain
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 mab
 mls qos trust device cisco-phone
 mls qos trust cos
 dot1x pae authenticator
 dot1x timeout tx-period 3
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input PC-SoftPhone+HardPhone
end

 

Release running on switch stack is :

 

Switch Ports Model                     SW Version            SW Image                
------ ----- -----                     ----------            ----------              
*    1 52    WS-C2960X-48LPD-L         15.2(2)E6             C2960X-UNIVERSALK9-M    
     2 52    WS-C2960X-48LPD-L         15.2(2)E6             C2960X-UNIVERSALK9-M    

 

Have you some similar experience regarding thie behaviour?

 

Thanks to all !!

 

1 person had this problem
Labels:
0 Helpful
7 Replies 7

kimby200602
Level 1
Level 1

‎02-28-2018 12:59 AM

Hello rrsstefano,

Seems like we have the same error.

The PC behind the IP phone is incorrectly assigned to the voice VLAN.

Did you manage to fix this?

I am about to open a TAC case for this.

Thank you!

Regards, Kliment

0 Helpful

Digioutsource
Level 1
Level 1
In response to kimby200602

‎03-08-2018 02:12 AM

We seem to be having the same issue. Were you able to obtain a solution for this?

0 Helpful

rrsstefano
Level 1
Level 1
In response to Digioutsource

‎05-17-2018 02:06 AM

Hi all,

 

we have still problem 'in general' with these stacks and release .... other stange behaviours like a device put randomically in vlan 1 while vlan 1 is not configured in ports.... and this happen not only on ports configured with NAC ....very strange behaviours...we have a TAC case opened through our provider but no good results for now...

 

0 Helpful

BorislavPenchev0962
Level 3
Level 3
In response to rrsstefano

‎11-15-2019 02:03 AM

hey do you know if your TAC managed to help you here ; have same issue ?

0 Helpful

rrsstefano
Level 1
Level 1
In response to BorislavPenchev0962

‎11-15-2019 05:35 AM

Hi all,

finally It seems that TAC was able to isolate the issue ti an  internal Bug.The fixed version 15.2(7)E1 should be released in middle of December 2019

 

We are waiting for...

I'll keep updated !!

 

Best Regards

Stefano

 

0 Helpful

Y C
Level 1
Level 1
In response to rrsstefano

‎12-02-2019 03:15 PM

Can you share the bug id please?

0 Helpful

rrsstefano
Level 1
Level 1
In response to Y C

‎01-20-2020 02:08 AM

Hi all,

 

we installed the release suggested by TAC [ c2960x-universalk9-mz.152-7.E1.bin ] and for now all is working well...even if probably is too early to consider the problem ( devices in vlan 1 ) fixed, because in our experience this issue can appear randomically

 

Regarding the bug id I haven't it as it is considered an internal bug ( strange )

 

I'll keep updated 

 

Thanks

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card