Cisco Bug: CSCuo24023 - 3750 MKA host-switch macsec does not allow MAB to run

Last Modified

Jan 29, 2017

Products (1)

Cisco IOS

Known Affected Releases

15.2(1.1)

Description (partial)

Symptom:
On 3750 with 152-1.E1 when the port is configured with dot1x+mab+macsec after switching from Anyconnect NAM macsec profile to mab profile the port can not detect any mac address, no authentication can happen, "shutdown/no shutdown" does not help to resolve the issue. At that stage interface counters for incoming packets are not increasing, but CRC errors are increasing. There is no macsec session anymore. Mac address is not available when using "show mac address" but it can be seen when checking tcams.

Conditions:
3750 port configured for dot1x+mab+macsec(MKA)

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts