01-23-2018 08:02 AM - edited 03-08-2019 01:31 PM
I have a switch configured with 802.1x and MAB authentication. I have enabled MAB on ports where devices don't support 802.1x with supplicant and x.509 certificates. However the switch some times fails to learn the MAC address of the devices that are plugged into the port. What makes it more intriguing is that the same switch is learning the MAC of other devices that are configured for MAB. I noticed that after I type the "authentication port-control auto" command the switch just doesn't learn the MAC. These are the commands on each interface configured for MAB..
ip access-group ACL_DEFAULT in
authentication event fail action next-method
authentication host-mode multi-auth
authentication order mab dot1x
authentication priority mab dot1x
authentication port-control auto
authentication timer reauthenticate 1800
authentication timer restart 5
authentication timer inactivity 3600 dynamic
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10
I have these same commands on different interfaces in the same switch and sometimes it learns the MAC and sometimes it does not. Any help would be helpful!
01-23-2018 10:36 AM
- Which switch-model and ios - XE version -> ?
Especially if are running older releases consider upgrading your switch to the latest gold-starred release for your platform; check whether the problem persists.
M.
01-23-2018 10:50 AM
01-24-2018 12:17 AM
- The advisory release is 15.2.2E7(MD) ; not sure this will help ; perhaps it's worth a try
M.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide