Hi, All
We have a 6860E switch; users are using MAC address authentication to the ClearPass.
Everything was working fine and suddenly the user port status is block.
User block:
Port Username Mac address IP Vlan Profile Type Status Source
------+--------------------+-----------------+---------------+----+--------------------------------+------------+-----------+-----------
1/1/7 xx:xx:xx:xx:xx:xx xx:xx:xx:xx:xx:xx - 1 - Edge Block Local
User working fine:
Port Username Mac address IP Vlan Profile Type Status Source
------+--------------------+-----------------+---------------+----+--------------------------------+------------+-----------+-----------
1/1/6 xxxxxx xx:xx:xx:xx:xx:xx 10.1.1.1 129 User_Vlan Edge Active Local
When a user connects to the port, no logs are seen in the ClearPass access tracker, but when I send the aaa test-radius to ClearPass the log is seen.
Even when only 1 user is connected, or transferred to a different port, it is still the same. Bounced the port and rebooted the endpoint/laptop.
To fix the issue we simply reboot the switch and users can now connect.
Is there anyone who might have encountered the same issue? Maybe it's a bug but not sure.
Please share your thoughts.
thanks!
Switch blocking user port using 802.1x
Re: Switch blocking user port using 802.1x
It seems like a bug.
I think there is no other violation (show violation) and no limited mac-learning (port-security...).
Does the command unp edge-user flush help to solve the issue?
regards
Silvio
Re: Switch blocking user port using 802.1x
Hi, Silvio
Thanks for your comment and suggestion.
I'm also suspecting a bug but I haven't seen any docs yet that will confirm if it's a bug.
I'm using 6860E-24 ports running on 8.2.1.258.R01 AOS. The only way to solve the issue every time this happens is to reboot the switch.
But next time, if I encounter the same issue again, I will try your suggestion to do the unp edge-user flush.
Thanks a lot!
Re: Switch blocking user port using 802.1x
If possible, then update to 8.2.1.304 (last release).
regards
Silvio
Re: Switch blocking user port using 802.1x
Hi, Silvio
Just yesterday Alcatel TAC confirmed that it was due to a bug in the 8.2.1.258.R01 AOS.
The reason below and debug capture.
swlogd: AGCMM main debug1(6) [agcmm_debug] agcmmOnexBauthsmSendRespToServer():554: Onex-Auth for User[xxxxx] on port[1013] congested
swlogd: AGCMM main debug1(6) agcmmSendUserForReauthentication():444: Start Rate limit for AAA AuthRequest: unrepliedCount[200]
The un-replied count for authentication requests had reached maximum limit [200]
Due to the maximum count being reached, AG was unable to send any further authentication requests. So users were stuck in “waiting for authentication” state.
This problem has been reported earlier in PR# 212040 and fix is available in the latest 8.2.1.304.R01.
Thanks.
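A log check for the condition TAC described, as an added example that is not part of the original thread: it scans swlogd output for the two AGCMM messages quoted above and flags when the un-replied count reaches 200. The function name, the sample lines and the assumption that other lines follow the same layout are constructed for illustration.

```python
import re
from collections import Counter

# Patterns modelled on the two swlogd lines quoted in the post above.
CONGESTED = re.compile(
    r"Onex-Auth for User\[(?P<user>[^\]]*)\] on port\[(?P<port>\d+)\] congested")
RATE_LIMIT = re.compile(
    r"Start Rate limit for AAA AuthRequest: unrepliedCount\[(?P<count>\d+)\]")

UNREPLIED_LIMIT = 200  # maximum un-replied count stated in the post

# Constructed sample input (not a real capture); port 1007 is made up.
SAMPLE_LINES = [
    "swlogd: AGCMM main debug1(6) [agcmm_debug] agcmmOnexBauthsmSendRespToServer():554: "
    "Onex-Auth for User[xxxxx] on port[1013] congested",
    "swlogd: AGCMM main debug1(6) [agcmm_debug] agcmmOnexBauthsmSendRespToServer():554: "
    "Onex-Auth for User[yyyyy] on port[1007] congested",
    "swlogd: some other subsystem message that should be ignored",
    "swlogd: AGCMM main debug1(6) [agcmm_debug] agcmmOnexBauthsmSendRespToServer():554: "
    "Onex-Auth for User[xxxxx] on port[1013] congested",
    "swlogd: AGCMM main debug1(6) agcmmSendUserForReauthentication():444: "
    "Start Rate limit for AAA AuthRequest: unrepliedCount[200]",
]


def scan_swlog(lines, limit=UNREPLIED_LIMIT):
    """Summarise AGCMM congestion and rate-limit events in swlogd lines."""
    congested = Counter()   # port number -> count of "congested" events
    peak = 0                # highest unrepliedCount seen
    for line in lines:
        if "AGCMM" not in line:
            continue
        m = CONGESTED.search(line)
        if m:
            congested[int(m.group("port"))] += 1
            continue
        m = RATE_LIMIT.search(line)
        if m:
            peak = max(peak, int(m.group("count")))
    return {
        "congested_ports": dict(congested),
        "peak_unreplied": peak,
        # True when the counter hit the limit, i.e. no new AAA requests go out
        "stalled": peak >= limit,
    }


if __name__ == "__main__":
    print(scan_swlog(SAMPLE_LINES))
```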
Re: Switch blocking user port using 802.1x
Thanks for this info.
regards
Silvio