Cisco Bug: CSCsz61958 - MAB is not attempted when a Win XP PC with expired certificate connects
Mar 15, 2012
- Cisco Catalyst 4000 Series Switches
Known Affected Releases
Symptom: When [MAB + dot1x + Guest VLAN] are all configured on a port and the PC is directly connected to the port (it sends the EAPOL Start after a Req from the switch is seen), the switch sends out 3 unicast Req IDs and an EAP Failure, destroys the session and creates a new one (the session ID is new), sends out 3 multicast Req IDs, and fails over to MAB. MAB remains in the "running" state and is never attempted!
Conditions: The misbehaviour is only seen when MAB is also configured on a dot1x port and a Windows XP PC with expired credentials (certificate), configured for EAP-TLS, is connected to the switchport.