Cisco Bug: CSCum75962 - abnormal dot1x authentication failure msg from some specific mac address
Last Modified
May 20, 2019
Products (143)
- Cisco IOS
- Cisco Catalyst 3560X-48P-S Switch
- Cisco Catalyst 2960-48TT-S Switch
- Cisco Catalyst 2960-24-S Switch
- Cisco Catalyst 2960-24TC-L Switch
- Cisco Catalyst 3560CG-8TC-S Compact Switch
- Cisco Catalyst 3560G-48PS Switch
- Cisco Catalyst 3560E-24TD-S Switch
- Cisco Catalyst 3560-12PC-S Compact Switch
- Cisco Catalyst 3750V2-24PS Switch

Known Affected Releases
15.0(2)SE2
Description (partial)
Symptom: Frequent dot1x authentication failure msg came out at many different port, all of them has same source mac address, such as: 053909: Jan 23 02:56:39.597 BJ: %AUTHMGR-5-START: Starting 'dot1x' for client (0025.4619.7214) on Interface Gi1/0/28 AuditSessionID AC014579000001B524053E46 053910: Jan 23 02:56:55.073 BJ: %DOT1X-5-FAIL: Authentication failed for client (0025.4619.7214) on Interface Gi1/0/28 AuditSessionID AC014579000001B524053E46 053911: Jan 23 02:56:55.073 BJ: %AUTHMGR-7-STOPPING: Stopping 'dot1x' for client 0025.4619.7214 on Interface Gi1/0/28 AuditSessionID AC014579000001B524053E46 053912: Jan 23 02:56:55.073 BJ: %AUTHMGR-5-START: Starting 'mab' for client (0025.4619.7214) on Interface Gi1/0/28 AuditSessionID AC014579000001B524053E46 053913: Jan 23 02:56:55.099 BJ: %MAB-5-FAIL: Authentication failed for client (0025.4619.7214) on Interface Gi1/0/28 AuditSessionID AC014579000001B524053E46 053914: Jan 23 02:56:55.099 BJ: %AUTHMGR-7-STOPPING: Stopping 'mab' for client 0025.4619.7214 on Interface Gi1/0/28 AuditSessionID AC014579000001B524053E46 053915: Jan 23 02:56:55.099 BJ: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (0025.4619.7214) on Interface Gi1/0/28 AuditSessionID AC014579000001B524053E46 056306: Jan 23 12:23:24.894 BJ: %AUTHMGR-5-START: Starting 'dot1x' for client (0025.4619.7214) on Interface Gi1/0/23 AuditSessionID AC014579000001D42811BF05 056307: Jan 23 12:23:40.370 BJ: %DOT1X-5-FAIL: Authentication failed for client (0025.4619.7214) on Interface Gi1/0/23 AuditSessionID AC014579000001D42811BF05 056308: Jan 23 12:23:40.370 BJ: %AUTHMGR-7-STOPPING: Stopping 'dot1x' for client 0025.4619.7214 on Interface Gi1/0/23 AuditSessionID AC014579000001D42811BF05 056309: Jan 23 12:23:40.370 BJ: %AUTHMGR-5-START: Starting 'mab' for client (0025.4619.7214) on Interface Gi1/0/23 AuditSessionID AC014579000001D42811BF05 056310: Jan 23 12:23:40.395 BJ: %MAB-5-FAIL: Authentication failed for client (0025.4619.7214) on Interface Gi1/0/23 AuditSessionID AC014579000001D42811BF05 056311: Jan 23 12:23:40.412 BJ: %AUTHMGR-7-STOPPING: Stopping 'mab' for client 0025.4619.7214 on Interface Gi1/0/23 AuditSessionID AC014579000001D42811BF05 056312: Jan 23 12:23:40.412 BJ: %AUTHMGR-5-FAIL: Authorization failed or unapplied for client (0025.4619.7214) on Interface Gi1/0/23 AuditSessionID AC014579000001D42811BF05 this happened at every customer switch stack and the source mac has regular pattern: SO-OAW3750-18F-C1 0064.4001.949c SO-OAW3750-19F-C1 0064.4001.949d SO-OAW3750-20F-C1 0025.4619.7213 SO-OAW3750-21F-C1 0025.4619.7214 SO-OAW3750-22F-C1 0025.4619.7215 SO-OAW3750-23F-C1 0025.4619.7216 SO-OAW3750-25F-C1 0025.4619.7217 Conditions: enable dot1x authentication
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Status
- Severity
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases