Cisco Bug: CSCvu30106 - option to configure local fallback method for command aaa authentication dot1x should be removed
May 19, 2020
- Cisco Catalyst 2960 Series Switches
Known Affected Releases
Symptom: If "aaa authentication dot1x.." command is configured with local tag for fallback mistakenly, authorization to critical vlan is not happening when AAA server is not reachable. When local fallback is configured switch is trying for local fallback and critical vlan authorization is getting failed: May 5 19:01:40.313 MST: RADIUS/DECODE: No response from radius-server; parse response; FAIL May 5 19:01:40.313 MST: RADIUS/DECODE: Case error(no response/ bad packet/ op decode);parse response; FAIL May 5 19:01:40.313 MST: EAP-EVENT: Received context create from LL (AAA_LOCAL_EAP) (0x00000064) May 5 19:01:40.313 MST: EAP-AUTH-EVENT: Setting authentication mode: Local May 5 19:01:40.317 MST: %DOT1X-5-FAIL: Authentication failed for client Conditions: fallback is required to configure only for TACACS and local login authentication and not for dot1x.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases