Preview Tool

Cisco Bug: CSCup71561 - Dot1x Session struck in "U" state

Last Modified

Nov 18, 2020

Products (1)

  • Cisco Catalyst 4000 Series Switches

Known Affected Releases


Description (partial)

After a wired dot1x client is disconnected from the switchport, the session is stuck and cannot be cleared.
The "show auth sessions" command output may look similar to the following:

switch#sh auth sessions int gi2/0/32 detail 
            Interface:  GigabitEthernet2/0/32
               IIF-ID:  0x102CB4000000F4B 
          MAC Address:  0011.2233.4455
         IPv6 Address:  Unknown
         IPv4 Address: (old IP address from previous swtichport access VLAN)
               Status:  Unauthorized
               Domain:  DATA
       Oper host mode:  multi-auth
     Oper control dir:  both
      Session timeout:  N/A
    Common Session ID:  AC17049400001ED3F99F40BC
      Acct Session ID:  Unknown
               Handle:  0x63000D1C
       Current Policy:  POLICY_Gi2/0/32
           Blocked On:  User Profile Application - apply user profile (1)

Seen on 3850 and 4500.  ACL downloaded from RADIUS.

Related Community Discussions

Catalyst 3850 retaining MAC addresses on ports
Hi all. I am experiencing weird behavior on a 3 member stack made of C3850-48P switches. I am seeing quite a lot of STATIC MAC address entries even though no such entries have been manually configured. The fact is, that I connected my laptop to Gi2/0/40 on Monday and it worked fine. On Tuesday I had to connect to a different port and I couldn't get any connectivity: I did get IP configuration, but I was unable to ping the gateway or anything else. Looking at the switch, I found out that my NIC's ...
Latest activity: Jun 12, 2018
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.