Preview Tool

Cisco Bug: CSCtd48643 - AUTHMGR cannot see supplicant mac address after all methods fail

Last Modified

Feb 22, 2014

Products (104)

  • Cisco Catalyst 3750 Series Switches
  • Cisco Catalyst 2960G-24TC-L Switch
  • Cisco Catalyst 2960-48TT-S Switch
  • Cisco Catalyst 3750V2-24PS Switch
  • Cisco Catalyst 3750G-12S Switch
  • Cisco Catalyst 3560E-12D-E Switch
  • Cisco ME 3400EG-2CS-A Switch
  • Cisco Catalyst 3560E-48PD-SF Switch
  • Cisco Catalyst 3560E-24TD-S Switch
  • Cisco Catalyst 3560E-48PD-E Switch
View all products in Bug Search Tool Login Required

Known Affected Releases


Description (partial)

Currently the phones don't have dot1x enabled, neither the ACS contains the mab configuration, so the expected result is that both dot1x and mab fail, and the authentication open feature will still allow the phones (or other non dot1x devices) to communicate.

The goal is in the future to enable dot1x on the phones and authenticate the phones, and non dot1x devices via mab.

The unexpected behavior seen is that after the first run of the authentication methods, and all fail, the authentication manager no longer is able to obtain the mac address of the device connected to the port.

The MAB process gets stuck on "mab running" and the "MAB SM state = ACQUIRIN". 
However, the switch contains the mac address of the phone on the mac address table...

- supplicant connected to a dot1x enabled port.
- Authentication open mode enabled.
- dot1x and mab as the authentication methods.
- supplicant is supplicant-less
- ACS does not contain MAB entry for the supplicant

Authentication will fail for dot1x, then fails for MAB, then the authentication manager is no longer able to learn the mac address of the supplicant and MAB never it tried again.
Authnetication manager reports "(Unknown MAC)", even though the mac entry is visible in the mac address table.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.