Cisco Bug: CSCun65359 - "show dot1x all" does not reflect eap timers until client associates

Last Modified

Jan 17, 2020

Products (150)

  • Cisco IOS
  • Cisco Embedded Service 2020 CON B Switch
  • Cisco Catalyst 2960X-24PD-L Switch
  • Cisco Catalyst 3560X-48T-E Switch
  • Cisco Catalyst 2960C-8TC-S Switch
  • Cisco Catalyst 2960S-F48FPS-L Switch
  • Cisco Catalyst 3560X-48U-S Switch
  • Cisco Catalyst 2960X-24PS-L Switch
  • Cisco Catalyst 3560CG-8TC-S Compact Switch
  • Cisco Catalyst 2960S-24PD-L Switch

Known Affected Releases

15.2(2)E

Description (partial)

Symptom:
No command to view default EAP timers on 5760/3850. "show dot1x all" only populates after a client connects.

AireOS WLC output:
(Cisco Controller) >show advanced eap
EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
EAP-Broadcast Key Interval....................... 3600

NOTE: No APs plugged in
(Cisco Controller) >show ap summary
Number of APs.................................... 0
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name             Slots  AP Model              Ethernet MAC       Location          Port  Country  Priority
------------------  -----  --------------------  -----------------  ----------------  ----  -------  ------


IOS-XE output:
5760-79b#sh dot1x
Sysauthcontrol             Disabled
Dot1x Protocol Version            3
5760-79b#sh dot1x all
Sysauthcontrol             Disabled
Dot1x Protocol Version            3

5760-79b#sh ap summary
Number of APs: 1


Also,
- Once a client is connected to a dot1x SSID, these timers populate, but they are printed for every capwap interface even though they cannot be modified per capwap interface.
- Some important timers, such as the broadcast key interval, which are frequently used in troubleshooting, are not populated here. If this needs to be a separate feature request, please let us know.

Conditions:
WPA2/AES/Dot1x based SSID