Cisco Bug: CSCta24035 - Increase VLAN Detect Interval to 15 minutes

Last Modified

Nov 13, 2016

Products (1)

  • Cisco NAC Appliance (Clean Access)

Known Affected Releases

4.6(2.112)

Description (partial)

Symptom:

This happens in an L2VGWOOB NAC setup that uses the core switch in redundancy mode and an access switch for clients. Client VLANs are trunked from the access switch to the core.
Before authentication, because of VLAN mapping, traffic is sent through the CAS from its untrusted port to its trusted port. As a result, the core switch has a MAC entry for the trusted VLAN that points to the CAS trusted port.
After authentication, this switch entry is not updated, so traffic from other subnets is sent to the CAS trusted port instead of directly to the PC. The CAS blackholes this traffic as a result.

Conditions:

This happens in a unique setup with core switch redundancy, where it takes time for the CAM tables on the two core switches to merge. Half of the VLANs are forwarded to one switch and the other half are sent through the other switch. Hence the CAM table needs to be refreshed on both switches.