Cisco Bug: CSCsz61958 - MAB is not attempted when a Win XP PC with expired certificate connects

Last Modified

Mar 15, 2012

Products (1)

  • Cisco Catalyst 4000 Series Switches

Known Affected Releases

12.2(50)SG2

Description (partial)

Symptom:
When [MAB + dot1x + Guest VLAN] are all configured on a port, and the PC is directly connected to the port (it sends the EAPOL Start after a Req from the switch is seen), the switch sends out 3 unicast Req IDs and an EAP Failure, destroys the session and creates a new one (the session ID is new), sends out 3 multicast Req IDs, and fails over to MAB. MAB remains in the "running" state and is never attempted!

Conditions:
The misbehaviour is only seen when MAB is also configured on a dot1x port and a Windows XP PC with expired credentials (certificate), configured for EAP-TLS, is connected to the switchport.