This weekend we have upgraded the ios on quite a few switches on a larger site, the site is a mix of 2960 and 3560 switches and the previouse ios versions were 12.2.44 on most switches but some had an older 12.2.25.
On monday when we came into work we got a call that most of the ports on these switches were an amber color and most people could't use the network.
After some investigation we discovered that we had a problem with dot1x so for a quick solution we just removed it from the switches and restarted all the ports with no dot1x enabled, this solved the problem but we can't really figure out what exactly caused this to happen in the first place.
Our config looked like this:
aaa group server radius etsdot1x
server xxx.xxx.xxx.xxx auth-port xxxx acct-port xxxx
server yyy.yyy.yyy.yyy auth-port yyyy acct-port yyyy
aaa authentication login default group tacacs+ local
aaa authentication dot1x default group etsdot1x
aaa authorization exec default group tacacs+ local
aaa authorization network default group etsdot1x
aaa accounting dot1x default start-stop group etsdot1x
and on the ports themselves:
switchport access vlan 20
switchport mode access
srr-queue bandwidth share 1 70 25 5
srr-queue bandwidth shape 30 0 0 0
authentication port-control auto
dot1x pae authenticator
spanning-tree bpduguard enable
service-policy input PC-PORT-QOS-IN
if anyone could pitch any ideas as to why this might have happened ...
Unfortunately I didn't have the chance to look at the logs on the servers yet, they are being administrated by a different department and I couldn't get in touch with them yet. I suspect that the problem was something with reachability of the servers at the time as well but I just wanted to run the config by others in the meantime to make sure I didn't miss something else.
Also, no, we don't use MAB, that's the only dot1x related config we have.
So assuming the servers were reachble, is there any other factor that could prompt this reaction from the switches after an IOS upgrade?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...