Guest

Preview Tool

Cisco Bug: CSCsz31646 - No more global command to disable dot1x/mab in Auth Manager IOS 12.2.50

Last Modified

Feb 22, 2014

Products (1)

  • Cisco IOS

Known Affected Releases

12.2(50)SG

Description (partial)

Symptom:

Since the Auth Manager appeared in IOS (12.2.50 for small-end switches), the mab and dot1x (and webauth) are independant.

Before, if you wanted to disable all authenticaiton (have all ports forced authorized) "no dot1x system-auth-control" would do that.

Now that mab and dot1x are independant, mab is not affected by this.

Moreover, authentication is now on a per-port basis. So to disable mab, you have to disable mab on every port !!!!

Even if disabling is rather easily doable with an interface range command, re-enabling on all ports where it was configured becomes a complete pain. (you need to save/remember where it was configured).

There should be a way to disable globally mab/dot1x and re-enable globaly (which doesn't mean putt all ports under mab but means re-enable mab on the ports where it was configured).

Conditions:
IOS with Authentication manager (12.2.50 on small-end switches)
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.