Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
642
Views
0
Helpful
3
Replies

Switch fails to learn MAC when MAB is configured

josephtaubner
Level 1
Level 1

‎01-23-2018 08:02 AM - edited ‎03-08-2019 01:31 PM

I have a switch configured with 802.1x and MAB authentication. I have enabled MAB on ports where devices don't support 802.1x with supplicant and x.509 certificates. However the switch some times fails to learn the MAC address of the devices that are plugged into the port. What makes it more intriguing is that the same switch is learning the MAC of other devices that are configured for MAB. I noticed that after I type the "authentication port-control auto" command the switch just doesn't learn the MAC. These are the commands on each interface configured for MAB..

ip access-group ACL_DEFAULT in
authentication event fail action next-method
authentication host-mode multi-auth
authentication order mab dot1x
authentication priority mab dot1x
authentication port-control auto
authentication timer reauthenticate 1800
authentication timer restart 5
authentication timer inactivity 3600 dynamic
authentication violation restrict
mab
dot1x pae authenticator
dot1x timeout tx-period 10

 

I have these same commands on different interfaces in the same switch and sometimes it learns the MAC and sometimes it does not. Any help would be helpful!

 

Labels:
0 Helpful
3 Replies 3

marce1000
VIP
VIP

‎01-23-2018 10:36 AM

 - Which switch-model and  ios  - XE version -> ?

    Especially if are running older releases consider upgrading your switch to the latest gold-starred release for your platform; check whether the problem persists.

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

josephtaubner
Level 1
Level 1
In response to marce1000

‎01-23-2018 10:50 AM

Model number                    : WS-C2960X-24PD-L

WS-C2960X-24PD-L          15.2(6)E              C2960X-UNIVERSALK9-M

 

If I'm not mistaking this is the latest release of IOS for this switch model.

Preview file
6 KB
0 Helpful

marce1000
VIP
VIP
In response to josephtaubner

‎01-24-2018 12:17 AM

 

 - The advisory release is 15.2.2E7(MD) ; not sure this will help ; perhaps it's worth a try

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card