[c-nsp] 802.1x Issue with authentication open command

[Mann, Jason]

The issue we are running into is that when we initially deployed 802.1x we had the command "authentication open" on all of our switch ports. We ran a CscoWorks job last week Thursday to remove that command from all of our ports. Since that time we have ran into a couple of weird issues where the device was powered up but the switch port would show notconnect when doing a show int status but the speed would show a-1000 and duplex would show a-full. There would be no mac address listed when doing a "show mac add int 'interface'" and the device would be in the MAB running state. This is happening on devices that are supposed to be doing 802.1x and MAB authentication, if we put the command "authentication open" back onto the port it showed connected and mac address. Now we have over 1000 switches on the network with this command removed and so far have only ran into a couple of these odd ball problem ports so at this time it is not happening widespread but would like to take care of the issue or figure out why this happening before it does.




************************
Jason Mann
DOA/ITSD
Network Operations
wk: (406) 444-1786
cell: (406) 461-6493
jamann at mt.gov<mailto:jamann at mt.gov>
"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts