Preview Tool

Cisco Bug: CSCuo13242 - Re-authentication fails after clear authentication sessions command

Last Modified

Sep 01, 2020

Products (169)

  • Cisco IOS
  • Cisco Catalyst 3560X-48T-E Switch
  • Cisco Catalyst 2960-24-S Switch
  • Cisco Catalyst 3560-12PC-S Compact Switch
  • Cisco Catalyst 3750V2-24FS Switch
  • Cisco Catalyst 3560E-48PD-SF Switch
  • Cisco Catalyst 3560E-48PD-E Switch
  • Cisco Catalyst 3560X-48P-S Switch
  • Cisco Catalyst 2960C-8TC-S Switch
  • Cisco Catalyst 3560X-48U-S Switch
View all products in Bug Search Tool Login Required

Known Affected Releases


Description (partial)

After upgrading to 15.0(2)SE5, an interface running MAB can not be recovered from Authz Failed or unknown MAC Address status to Authz Success after issuing clear authentication sessions command.

Follow the step below to recreate this issue using 15.0(2)SE5 -
1. Configure MAB on an interface. 
2. Have the switch unreachable to the configured radius server.
3. Connect a PC to the interface. 
4. The port goes to "Authz Failed" status.
5. After the radius is back again, issue clear authentication sessions interface x/x.
6. Instead of processing authentication triggered by a packet from the PC, the port goes into unknown MAC address status.
7. Issue clear authentication sessions command again, still the unknown MAC status persists and never changes.

If re-authentication (authentication timer restart) is triggered at the step 5 rather than issuing clear authentication sessions command, it works and the port goes to "Authz Success". But if the re-authentication is triggered at the step 7, it does not work and the port stays in "unknown MAC" status. At the step 7, only shut / no shut the port can resolve the issue.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.