Guest

Preview Tool

Cisco Bug: CSCuo13242 - Re-authentication fails after clear authentication sessions command

Last Modified

Sep 01, 2020

Products (169)

  • Cisco IOS
  • Cisco Catalyst 3560X-48T-E Switch
  • Cisco Catalyst 2960-24-S Switch
  • Cisco Catalyst 3560-12PC-S Compact Switch
  • Cisco Catalyst 3750V2-24FS Switch
  • Cisco Catalyst 3560E-48PD-SF Switch
  • Cisco Catalyst 3560E-48PD-E Switch
  • Cisco Catalyst 3560X-48P-S Switch
  • Cisco Catalyst 2960C-8TC-S Switch
  • Cisco Catalyst 3560X-48U-S Switch
View all products in Bug Search Tool Login Required

Known Affected Releases

15.0(2)SE5

Description (partial)

Symptom:
After upgrading to 15.0(2)SE5, an interface running MAB can not be recovered from Authz Failed or unknown MAC Address status to Authz Success after issuing clear authentication sessions command.

Conditions:
Follow the step below to recreate this issue using 15.0(2)SE5 -
-----------------------------------------
1. Configure MAB on an interface. 
2. Have the switch unreachable to the configured radius server.
3. Connect a PC to the interface. 
4. The port goes to "Authz Failed" status.
5. After the radius is back again, issue clear authentication sessions interface x/x.
6. Instead of processing authentication triggered by a packet from the PC, the port goes into unknown MAC address status.
7. Issue clear authentication sessions command again, still the unknown MAC status persists and never changes.

If re-authentication (authentication timer restart) is triggered at the step 5 rather than issuing clear authentication sessions command, it works and the port goes to "Authz Success". But if the re-authentication is triggered at the step 7, it does not work and the port stays in "unknown MAC" status. At the step 7, only shut / no shut the port can resolve the issue.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.