The issue we are running into is that when we initially deployed 802.1x we had the command “authentication open” on all of our switch ports. We ran a CscoWorks job last week Thursday to remove that command from all of our ports. Since that time we have ran into a couple of weird issues where the device was powered up but the switch port would show notconnect when doing a show int status but the speed would show a-1000 and duplex would show a-full. There would be no mac address listed when doing a “show mac add int ‘interface’” and the device would be in the MAB running state. This is happening on devices that are supposed to be doing 802.1x and MAB authentication, if we put the command “authentication open” back onto the port it showed connected and mac address. Now we have over 1000 switches on the network with this command removed and so far have only ran into a couple of these odd ball problem ports so at this time it is not happening widespread but would like to take care of the issue or figure out why this happening before it does.
Re:802.1x - Issue with command: authentication open
On the 2960's we are running 12.2(55)SE5, on the 6500's we are running 15.1(1)SY
We didn't use any kind of ACL because we start all of our switch ports into a black hole vlan. I have been watching sessions from Cisco Live 2012 and looks like Cisco is now recommending that you don't go closed mode unless absolutely necessary because it is hard to maintain and function.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :