Guest

Preview Tool

Cisco Bug: CSCus36545 - 2960X stack | port-security + 802.1x | VLAN change -> psecure-violation

Last Modified

Feb 14, 2018

Products (1)

  • Cisco Catalyst 2960-X Series Switches

Known Affected Releases

15.2(2.0.0)

Description (partial)

Symptom:
2960X stack is used
- 802.1x client starts authentication within access VLAN
- due to the way 802.1x is configured 802.1x client changes VLAN assignment (different VLAN for auth-fail / server-dead / no-response)
- depending on IOS version the following happens:
++ in 15.0(2)EX5 and older we observe that VLAN change happens and no port-security violation is reported as it is still the only one MAC address which is allowed, it just changes VLAN
++ in 15.2(2)E and later we observe that VLAN change happens and port-security violation is reported for MAC address that has changed its VLAN assigment

Conditions:
2960X stack
- 802.1x configuration with VLAN change possible
- port-security allowing exactly the amount of clients needed and not more
- 15.2(2)E and newer IOS
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.