Cisco Bug: CSCvu30106 - option to configure local fallback method for command aaa authentication dot1x should be removed

Last Modified

May 19, 2020

Products (1)

  • Cisco Catalyst 2960 Series Switches

Known Affected Releases

15.2(7)E

Description (partial)

Symptom:
If the "aaa authentication dot1x.." command is mistakenly configured with the local keyword as a fallback method, authorization to the critical VLAN does not happen when the AAA server is not reachable. With local fallback configured, the switch attempts local authentication and critical VLAN authorization fails:

May  5 19:01:40.313 MST: RADIUS/DECODE: No response from radius-server; parse response; FAIL
May  5 19:01:40.313 MST: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL
May  5 19:01:40.313 MST: EAP-EVENT: Received context create from LL (AAA_LOCAL_EAP) (0x00000064)
May  5 19:01:40.313 MST: EAP-AUTH-EVENT: Setting authentication mode: Local

May  5 19:01:40.317 MST: %DOT1X-5-FAIL: Authentication failed for client

Conditions:
Fallback needs to be configured only for TACACS and local login authentication, not for dot1x.
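
An added example, not part of Cisco's bug record: a Python check that flags a dot1x authentication method list containing local in a saved configuration, and recognizes the failure sequence from the log excerpt above. The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# "aaa authentication dot1x <list-name> <method> [<method> ...]"
DOT1X_AUTHC = re.compile(r"^\s*aaa authentication dot1x\s+(\S+)\s+(.*)$", re.I)

# Markers copied from the log excerpt on this page, in the order they appear.
MARKERS = (
    "RADIUS/DECODE: No response from radius-server",
    "EAP-AUTH-EVENT: Setting authentication mode: Local",
    "%DOT1X-5-FAIL",
)

# Constructed sample configuration (not taken from the bug record).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication dot1x default group radius local
"""

# Log lines as quoted in the symptom description.
SAMPLE_LOG = """\
May  5 19:01:40.313 MST: RADIUS/DECODE: No response from radius-server; parse response; FAIL
May  5 19:01:40.313 MST: EAP-AUTH-EVENT: Setting authentication mode: Local
May  5 19:01:40.317 MST: %DOT1X-5-FAIL: Authentication failed for client
"""


def find_dot1x_local_fallback(config_text):
    """Return (line_no, list_name, methods) for dot1x lists that include 'local'."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        m = DOT1X_AUTHC.match(line)
        if m and "local" in m.group(2).lower().split():
            findings.append((line_no, m.group(1), m.group(2).strip()))
    return findings


def log_shows_local_fallback_failure(log_text):
    """True if the markers occur in order: RADIUS timeout, local EAP, dot1x fail."""
    stage = 0
    for line in log_text.splitlines():
        if MARKERS[stage] in line:
            stage += 1
            if stage == len(MARKERS):
                return True
    return False
```

The login method list with local on line 2 of the sample is deliberately not flagged, matching the condition that fallback belongs on TACACS and local login authentication only.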