08-06-2014 11:22 PM - edited 03-07-2019 08:18 PM
- Due to 'EOL-concerns' we are currently migrating our office switches from cat4500-Supervisor II+ hardware platform to cat4506e switches using supervisor ' Sup 7L-E 10GE' ; IOS version = Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.05.03.E.
I copied the running config from the old switches to the new platform quasi exactly ,of course changing stuff such was IP addr, hostname and a few other items.
It tuns out that on the new platform MAB isn't working. Debugging MAB and AAA show nothing appearing in the logs. It seems that MAB just isn't started if something is connected to a user port. MAB simply seems dead.
It seems as if I am missing something fundamental. Concerns are , which license level do I need for MAB on this platform (for instance) ? Does anyone have other tips and tricks ? Note that radius-config and port statements used make MAB work perfectly on the old switches.
Thanks ,
Marc.
Solved! Go to Solution.
08-07-2014 06:18 PM
That chassis and sup definitley support MAB and you don't need a special license to run it.
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/compatibility/ise_sdt.html
I suspect a:
1. Configuraiton error
2. Bug
Can you post your AAA/dot1x configs here?
Also, 3.5.x of XE has been problematic. If possible you should go to 3.4.4
Thank you for rating helpful posts!
08-07-2014 02:06 PM
Hey Marc,
Check the link below:
www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1/XE_330SG/configuration/guide/config/dot1x.html#wp1203853
HTH.
regards,
RS.
08-08-2014 12:56 AM
Hello Rajeevsh , for us the sequence of MAB commands being used was not an argument since MAB was working on the old 4500.As Neno pointed out we downgraded to 3.4.4 and everyting worked fine since then!
Marc.
08-08-2014 01:13 AM
Thank you for the rating and for taking the time to come back and confirm the root cause of the issue (+5 from me).
08-07-2014 06:18 PM
That chassis and sup definitley support MAB and you don't need a special license to run it.
http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/compatibility/ise_sdt.html
I suspect a:
1. Configuraiton error
2. Bug
Can you post your AAA/dot1x configs here?
Also, 3.5.x of XE has been problematic. If possible you should go to 3.4.4
Thank you for rating helpful posts!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide