[c-nsp] 802.1x Issue with authentication open command

Painting, Stuart Stuart.Painting at TheAA.com
Thu Jan 9 11:46:36 EST 2014


Off the top of my head:

1. Some authentication changes need a port down/up to take effect.

2. Certain other changes (e.g. removal of RADIUS accounting on a Cat3750) can cause MAB to stop working. The port will show "MAB running" but nothing happens when the end device sends traffic. Solution is to reboot the switch.



-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Mann, Jason
Sent: 09 January 2014 16:22
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] 802.1x Issue with authentication open command

The issue we are running into is that when we initially deployed 802.1x we had the command "authentication open" on all of our switch ports. We ran a CiscoWorks job last week Thursday to remove that command from all of our ports. Since that time we have run into a couple of weird issues where the device was powered up but the switch port would show notconnect when doing a show int status but the speed would show a-1000 and duplex would show a-full. There would be no mac address listed when doing a "show mac add int 'interface'" and the device would be in the MAB running state. This is happening on devices that are supposed to be doing 802.1x and MAB authentication. If we put the command "authentication open" back onto the port it showed connected and mac address. Now we have over 1000 switches on the network with this command removed and so far have only run into a couple of these oddball problem ports, so at this time it is not happening widespread but would like to take care of the issue or figure out why this is happening before it does.




************************
Jason Mann
DOA/ITSD
Network Operations
wk: (406) 444-1786
cell: (406) 461-6493
jamann at mt.gov
"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts
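
The symptom described in the original message (a port reported as notconnect while speed and duplex show the negotiated values a-1000 and a-full) can be searched for in collected `show int status` output. The Python below is an added example, not part of the thread; the sample output is constructed and the function names are hypothetical.

```python
# Constructed sample of `show interfaces status` output (not taken from the thread).
SAMPLE = """\
Port      Name               Status       Vlan       Duplex  Speed Type
Gi1/0/1   user desk 12       connected    10         a-full a-1000 10/100/1000BaseTX
Gi1/0/2                      notconnect   10           auto   auto 10/100/1000BaseTX
Gi1/0/3   printer            notconnect   10         a-full a-1000 10/100/1000BaseTX
Gi1/0/4   uplink             connected    trunk      a-full a-1000 10/100/1000BaseTX
Gi1/0/5                      disabled     1            auto   auto 10/100/1000BaseTX
"""


def parse_status(text):
    """Yield one dict per port row.

    The Name column may be empty or contain spaces, so fields are read
    from the offset of the "Status" header rather than by splitting the
    whole line on whitespace.
    """
    status_col = None
    for line in text.splitlines():
        if line.startswith("Port") and "Status" in line:
            status_col = line.index("Status")
            continue
        if status_col is None or len(line) <= status_col or not line.strip():
            continue
        fields = line[status_col:].split()
        if len(fields) < 4:
            continue  # not a port row (banner, prompt, truncated line)
        yield {
            "port": line.split()[0],
            "status": fields[0],
            "vlan": fields[1],
            "duplex": fields[2],
            "speed": fields[3],
        }


def stuck_ports(text):
    """Ports shown as notconnect although speed and duplex were negotiated.

    A port with no link normally shows "auto"/"auto"; the "a-" prefix means
    autonegotiation completed, which is the mismatch reported in the thread.
    """
    return [r["port"] for r in parse_status(text)
            if r["status"] == "notconnect"
            and r["duplex"].startswith("a-")
            and r["speed"].startswith("a-")]


if __name__ == "__main__":
    print(stuck_ports(SAMPLE))
```

Ports it reports are candidates for the port down/up suggested in the reply, or for a closer look at the authentication session state on that interface.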
