Guest

Preview Tool

Cisco Bug: CSCum75962 - abnormal dot1x authentication failure msg from some specific mac address

Last Modified

May 20, 2019

Products (143)

  • Cisco IOS
  • Cisco Catalyst 3560X-48P-S Switch
  • Cisco Catalyst 2960-48TT-S Switch
  • Cisco Catalyst 2960-24-S Switch
  • Cisco Catalyst 2960-24TC-L Switch
  • Cisco Catalyst 3560CG-8TC-S Compact Switch
  • Cisco Catalyst 3560G-48PS Switch
  • Cisco Catalyst 3560E-24TD-S Switch
  • Cisco Catalyst 3560-12PC-S Compact Switch
  • Cisco Catalyst 3750V2-24PS Switch
View all products in Bug Search Tool Login Required

Known Affected Releases

15.0(2)SE2

Description (partial) 

Symptom:
Frequent dot1x authentication failure msg came out at many different port, all of them has same source mac address, such as:
053909: Jan 23 02:56:39.597 BJ: %AUTHMGR-5-START: Starting 'dot1x' for client (0025.4619.7214) on Interface Gi1/0/28 AuditSessionID AC014579000001B524053E46
053910: Jan 23 02:56:55.073 BJ: %DOT1X-5-FAIL: Authentication failed for client (0025.4619.7214) on Interface Gi1/0/28 AuditSessionID AC014579000001B524053E46
053911: Jan 23 02:56:55.073 BJ: %AUTHMGR-7-STOPPING: Stopping 'dot1x' for client 0025.4619.7214 on Interface Gi1/0/28 AuditSessionID AC014579000001B524053E46
053912: Jan 23 02:56:55.073 BJ: %AUTHMGR-5-START: Starting 'mab' for client (0025.4619.7214) on Interface Gi1/0/28 AuditSessionID AC014579000001B524053E46
053913: Jan 23 02:56:55.099 BJ: %MAB-5-FAIL: Authentication failed for client (0025.4619.7214) on Interface Gi1/0/28 AuditSessionID AC014579000001B524053E46
053914: Jan 23 02:56:55.099 BJ: %AUTHMGR-7-STOPPING: Stopping 'mab' for client 0025.4619.7214 on Interface Gi1/0/28 AuditSessionID AC014579000001B524053E46
053915: Jan 23 02:56:55.099 BJ: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (0025.4619.7214) on Interface Gi1/0/28 AuditSessionID AC014579000001B524053E46

056306: Jan 23 12:23:24.894 BJ: %AUTHMGR-5-START: Starting 'dot1x' for client (0025.4619.7214) on Interface Gi1/0/23 AuditSessionID AC014579000001D42811BF05
056307: Jan 23 12:23:40.370 BJ: %DOT1X-5-FAIL: Authentication failed for client (0025.4619.7214) on Interface Gi1/0/23 AuditSessionID AC014579000001D42811BF05
056308: Jan 23 12:23:40.370 BJ: %AUTHMGR-7-STOPPING: Stopping 'dot1x' for client 0025.4619.7214 on Interface Gi1/0/23 AuditSessionID AC014579000001D42811BF05
056309: Jan 23 12:23:40.370 BJ: %AUTHMGR-5-START: Starting 'mab' for client (0025.4619.7214) on Interface Gi1/0/23 AuditSessionID AC014579000001D42811BF05
056310: Jan 23 12:23:40.395 BJ: %MAB-5-FAIL: Authentication failed for client (0025.4619.7214) on Interface Gi1/0/23 AuditSessionID AC014579000001D42811BF05
056311: Jan 23 12:23:40.412 BJ: %AUTHMGR-7-STOPPING: Stopping 'mab' for client 0025.4619.7214 on Interface Gi1/0/23 AuditSessionID AC014579000001D42811BF05
056312: Jan 23 12:23:40.412 BJ: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (0025.4619.7214) on Interface Gi1/0/23 AuditSessionID AC014579000001D42811BF05

this happened at every customer switch stack and the source mac has regular pattern:

SO-OAW3750-18F-C1	0064.4001.949c
SO-OAW3750-19F-C1	0064.4001.949d
SO-OAW3750-20F-C1	0025.4619.7213
SO-OAW3750-21F-C1	0025.4619.7214
SO-OAW3750-22F-C1	0025.4619.7215
SO-OAW3750-23F-C1	0025.4619.7216
SO-OAW3750-25F-C1	0025.4619.7217

Conditions:
enable dot1x authentication
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.