Cisco Bug: CSCvt71711 - Port security with dot1x to be supported (Enhancement request)

Last Modified

Apr 09, 2020

Products (1)

  • Cisco Catalyst 9200 Series Switches

Known Affected Releases

16.12.2

Description (partial)

Symptom:
As per the documentation, it is not recommended to enable dot1x along with port-security; however, in a MAB environment customers may need both features enabled to control the number of devices connected to the port.

This is an enhancement request to have both of these features fully supported.

IEEE 802.1x Authentication with Port Security
In general, Cisco does not recommend enabling port security when IEEE 802.1x is enabled. Since IEEE 802.1x enforces a single MAC address per port (or per VLAN when MDA is configured for IP telephony), port security is redundant and in some cases may interfere with expected IEEE 802.1x operations.
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9200/software/release/17-2/configuration_guide/sec/b_172_sec_9200_cg/configuring_ieee_802_1x_port_based_authentication.html#ID872

Conditions:
Configuring port security with dot1x on an interface