Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

3750 stack fail after "no mab" command

Hello colleagues.

I've got some problem with MAB (mac address bypass) and catalyst 3750 stack (consist of 3 switches). I configured MAB on this stack, it works via radius with ACS 5.5.

This is globlal config:

aaa authentication dot1x default group MAB20 group MAB21
aaa authorization network default group MAB20 group MAB21
aaa accounting dot1x default start-stop group MAB20 group MAB21

This is port config:

 switchport access vlan 4094
 switchport mode access
 switchport nonegotiate
 switchport block multicast
 switchport block unicast
 switchport voice vlan 2620
 ip device tracking maximum 2
 load-interval 30
 small-frame violation-rate 10000
 srr-queue bandwidth share 1 70 25 5
 srr-queue bandwidth shape 3 0 0 0
 priority-queue out
 authentication host-mode multi-domain
 authentication port-control auto
 mab
 storm-control broadcast level pps 500
 storm-control action trap
 spanning-tree portfast
 spanning-tree bpduguard enable
 service-policy input PM-VOIP
 ip dhcp snooping limit rate 100

Everything works fine, switch asks ACS if device with this mac adress is allowed to access the network, ACS says yes or no and assignes appropriate VLAN for this device.

If you type "no mab" command on the not connect  port (down down) it works fine. But (!!!) if you type "no mab" command on the port that is trying to authenticate - master swicth (master in stack) fails and reboots!!! Other 2 switches works fine.

Here is some "show log":

000077: Apr 17 14:51:00: %PLATFORM-1-CRASHED: System previously crashed with the following message:
000078: Apr 17 14:51:00: %PLATFORM-1-CRASHED: Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE, RELEASE SOFTWARE (fc2)
000079: Apr 17 14:51:00: %PLATFORM-1-CRASHED: Technical Support: http://www.cisco.com/techsupport
000080: Apr 17 14:51:00: %PLATFORM-1-CRASHED: Copyright (c) 1986-2010 by Cisco Systems, Inc.
000081: Apr 17 14:51:00: %PLATFORM-1-CRASHED: Compiled Sat 07-Aug-10 22:45 by prod_rel_team
000082: Apr 17 14:51:00: %PLATFORM-1-CRASHED:  
000083: Apr 17 14:51:00: %PLATFORM-1-CRASHED: Debug Exception (Could be NULL pointer dereference) Exception (0x2000)!
000084: Apr 17 14:51:00: %PLATFORM-1-CRASHED:  
000085: Apr 17 14:51:00: %PLATFORM-1-CRASHED: SRR0 = 0x02AD5340  SRR1 = 0x00029230  SRR2 = 0x013EFDDC  SRR3 = 0x00029230
000086: Apr 17 14:51:00: %PLATFORM-1-CRASHED: ESR = 0x00000000  DEAR = 0x00000000  TSR = 0x84000000  DBSR = 0x01000000
000087: Apr 17 14:51:00: %PLATFORM-1-CRASHED:  
000088: Apr 17 14:51:00: %PLATFORM-1-CRASHED: CPU Register Context:
000089: Apr 17 14:51:00: %PLATFORM-1-CRASHED: Vector = 0x00002000  PC = 0x013EFDDC  MSR = 0x00029230  CR = 0x55003033
000090: Apr 17 14:51:00: %PLATFORM-1-CRASHED: LR = 0x013EFDC4  CTR = 0x013E642C  XER = 0xA0000014
000091: Apr 17 14:51:00: %PLATFORM-1-CRASHED: R0 = 0x013EFDC4  R1 = 0x05522F78  R2 = 0x00000000  R3 = 0x02F273E0
000092: Apr 17 14:51:00: %PLATFORM-1-CRASHED: R4 = 0x031E13D4  R5 = 0x000000F4  R6 = 0x05522E20  R7 = 0x000000E7
000093: Apr 17 14:51:00: %PLATFORM-1-CRASHED: R8 = 0x001D78A0  R9 = 0x00000000  R10 = 0x00000000  R11 = 0x050B70AC
000094: Apr 17 14:51:00: %PLATFORM-1-CRASHED: R12 = 0x0105A439  R13 = 0x00110000  R14 = 0x013E6874  R15 = 0x00000000
000095: Apr 17 14:51:00: %PLATFORM-1-CRASHED: R16 = 0x00000000  R17 = 0x00000000  R18 = 0x00000000  R19 = 0x00000000
000096: Apr 17 14:51:00: %PLATFORM-1-CRASHED: R20 = 0x00000000  R21 = 0x00000000  R22 = 0x00000000  R23 = 0x00000000
000097: Apr 17 14:51:00: %PLATFORM-1-CRASHED: R24 = 0x00000002  R25 = 0x002130B4  R26 = 0x00000004  R27 = 0x050B6330
000098: Apr 17 14:51:00: %PLATFORM-1-CRASHED: R28 = 0x03920000  R29 = 0x031E13D4  R30 = 0x00000003  R31 = 0x003398A0
000099: Apr 17 14:51:00: %PLATFORM-1-CRASHED:  
000100: Apr 17 14:51:00: %PLATFORM-1-CRASHED: Stack trace:
000101: Apr 17 14:51:00: %PLATFORM-1-CRASHED: PC = 0x013EFDDC, SP = 0x05522F78
000102: Apr 17 14:51:00: %PLATFORM-1-CRASHED: Frame 00: SP = 0x05522F90    PC = 0x013EFDC4
000103: Apr 17 14:51:00: %PLATFORM-1-CRASHED: Frame 01: SP = 0x05522FD0    PC = 0x013F0978
000104: Apr 17 14:51:00: %PLATFORM-1-CRASHED: Frame 02: SP = 0x05522FE8    PC = 0x013F213C
000105: Apr 17 14:51:00: %PLATFORM-1-CRASHED: Frame 03: SP = 0x05523008    PC = 0x013FA6A8
000106: Apr 17 14:51:00: %PLATFORM-1-CRASHED: Frame 04: SP = 0x05523020    PC = 0x013FA8B4
000107: Apr 17 14:51:00: %PLATFORM-1-CRASHED: Frame 05: SP = 0x05523050    PC = 0x02AA85F8
000108: Apr 17 14:51:00: %PLATFORM-1-CRASHED: Frame 06: SP = 0x05523058    PC = 0x013FB580
000109: Apr 17 14:51:00: %PLATFORM-1-CRASHED: Frame 07: SP = 0x05523078    PC = 0x013E6944
000110: Apr 17 14:51:00: %PLATFORM-1-CRASHED: Frame 08: SP = 0x05523080    PC = 0x01BB7308
000111: Apr 17 14:51:00: %PLATFORM-1-CRASHED: Frame 09: SP = 0x00000000    PC = 0x01BADD78
000112: Apr 17 14:51:00: %PLATFORM-1-CRASHED: 

...

000329: Apr 22 14:13:21: %STACKMGR-4-SWITCH_REMOVED: Switch 3 has been REMOVED from the stack
000330: Apr 22 18:13:21.143: license_init_config_queue: initializing the license_switch_boot_config_q
000331: Apr 22 14:13:21: %STACKMGR-4-MASTER_ELECTED: Switch 1 has been elected as MASTER of the stack
000332: Apr 22 14:13:21: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 2 has changed to state UP
000333: Apr 22 14:13:22: %CFGMGR-6-APPLYING_RUNNING_CFG: as new master
000334: Apr 22 14:13:22: %SSH-5-ENABLED: SSH 1.99 has been enabled
000335: Apr 22 14:13:23: %RADIUS-4-NOSERV: Warning: Server 11.11.11.10:1645,1646 is not defined.
000336: Apr 22 14:13:23: %RADIUS-4-NOSERV: Warning: Server 11.11.11.11:1645,1646 is not defined.
000337: Apr 22 14:13:23: %AAAA-4-BADMETHNAME: Bad authentication method-list name "TACACS" (this is only a warning)
000338: Apr 22 14:13:23: %SYS-6-CLOCKUPDATE: System clock has been updated from 18:13:23 MSK Tue Apr 22 2014 to 18:13:23 MSK Tue Apr 22 2014, configured from console by vty0.
000339: Apr 22 14:13:23: %RADIUS-3-NOSERVERS: No Radius hosts configured or no valid server present in the server group MAB20

...

000446: Apr 22 14:16:04: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 1 has changed to state UP
000447: Apr 22 14:16:04: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 2 has changed to state UP
000448: Apr 22 14:16:37: %STACKMGR-4-SWITCH_ADDED: Switch 3 has been ADDED to the stack
000328: Apr 22 14:16:37: %STACKMGR-4-SWITCH_ADDED: Switch 3 has been ADDED to the stack (C375048PS-2)
000449: Apr 22 14:17:09: %STACKMGR-5-SWITCH_READY: Switch 3 is READY
000450: Apr 22 14:17:09: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 3 has changed to state UP
000451: Apr 22 14:17:09: %STACKMGR-4-STACK_LINK_CHANGE: Stack Port 2 Switch 3 has changed to state UP
000329: Apr 22 14:17:09: %STACKMGR-5-SWITCH_READY: Switch 3 is READY (C375048PS-2)
*Mar  1 00:02:19.972: %STACKMGR-4-SWITCH_ADDED: Switch 1 has been ADDED to the stack (C375048PS-SWC-3)
*Mar  1 00:02:19.972: %STACKMGR-4-SWITCH_ADDED: Switch 2 has been ADDED to the stack (C375048PS-SWC-3)
*Mar  1 00:02:19.972: %STACKMGR-4-SWITCH_ADDED: Switch 3 has been ADDED to the stack (C375048PS-SWC-3)
*Mar  1 00:02:24.133: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for type vlan (C375048PS-SWC-3)
000005: *Apr 22 14:16:46: %SYS-6-CLOCKUPDATE: System clock has been updated from 14:16:46 UTC Tue Apr 22 2014 to 18:16:46 MSK Tue Apr 22 2014, configured from console by console. (C375048PS-SWC-3)
000006: *Apr 22 14:17:08: %SYS-5-CONFIG_I: Configured from memory by console (C375048PS-SWC-3)
000007: *Apr 22 14:17:09: %STACKMGR-5-SWITCH_READY: Switch 1 is READY (C375048PS-SWC-3)
000008: *Apr 22 14:17:09: %STACKMGR-5-MASTER_READY: Master Switch 1 is READY (C375048PS-SWC-3)
000009: *Apr 22 14:17:09: %STACKMGR-5-SWITCH_READY: Switch 2 is READY (C375048PS-SWC-3)
000010: *Apr 22 14:17:10: %SYS-5-RESTART: System restarted -- (C375048PS-SWC-3)
Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE, RELEASE SOFTWARE (fc2) (C375048PS-SWC-3)
Technical Support: http://www.cisco.com/techsupport (C375048PS-SWC-3)
Copyright (c) 1986-2010 by Cisco Systems, Inc. (C375048PS-SWC-3)
Compiled Sat 07-Aug-10 22:45 by prod_rel_team (C375048PS-SWC-3)
000011: *Apr 22 14:17:10: %STACKMGR-5-SWITCH_READY: Switch 3 is READY (C375048PS-SWC-3)

...

 

Did anyone faced this problem? How did you fix this?

Thanks.

  • AAA Identity and NAC
137
Views
0
Helpful
0
Replies
This widget could not be displayed.