Guest

Preview Tool

Cisco Bug: CSCvu61753 - 3850 Not Starting MAB Process

Last Modified

Jul 06, 2020

Products (1)

  • Cisco IOS

Known Affected Releases

16.9.5

Description (partial)

Symptom:
Upon reload, 3850 switches utilizing MAB authentication for certain supplicants will fail to authorize these devices, causing lack of connectivity until the port is flapped.

Issue has been seen with specific HP printers, as these printers are deployed across various ports on the switch stack.

When checking the output of "show authentication sessions interface <interface>" you will see the following:

Switch#sh auth sessions int gigabitEthernet 2/0/47 det
No sessions match supplied criteria.

Interface is up and MAC is learnt:

Switch#sh mac add int g2/0/47
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 111    0017.0884.bfef    DYNAMIC     Gi2/0/47

Switch#sh int g2/0/47
GigabitEthernet2/0/47 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 00e1.6d38.1c2f (bia 00e1.6d38.1c2f)
  Description: TRAIN1-BW | Panel:D24
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
  input flow-control is on, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:03:58, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     22 packets input, 2824 bytes, 0 no buffer
     Received 0 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     452 packets output, 153604 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

Conditions:
Issue has been reported on 3850 switch stacks running 16.9.5 using MAB authentication for supplicants (HP Printers) after the 3850 switch stack reloads.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.