Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

SSH Authentication suddenly fails on WS-C4510R+E

Hi all,

We're experiencing a strange issue where suddenly we are unable to authenticate via ssh to two different WS-C4510R+E running two versions of IOS.

One is running cat4500es8-universalk9.SPA.03.03.01.XO.151-1.XO1.bin and the other cat4500e-universalk9.SPA.03.04.00.SG.151-2.SG.bin.

The authentication issue is coupled with users being unable to authenticate on the wired LAN.  Our ports are configured for Dot1.x mab and are authenticated by ISE  Here is an example of our port configuration...

description User Port
 switchport access vlan 105
 switchport mode access
 switchport nonegotiate
 switchport voice vlan 205
 authentication event fail action next-method
 authentication event server dead action reinitialize vlan 105
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize 
 authentication host-mode multi-auth
 authentication order mab dot1x
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server
 authentication violation restrict
 auto qos voip cisco-phone 
 dot1x pae authenticator
 dot1x timeout tx-period 10
 qos trust device cisco-phone
 spanning-tree portfast
 service-policy input AutoQos-4.0-Cisco-Phone-Input-Policy
 service-policy output AutoQos-4.0-Output-Policy


I can resolve the user access issue by removing the dot1x config from the port.  However, the ssh authentication issue is only resolved by failing over to the standby supervisor.  Here's an example of the log entry for a failed ssh auth...

5362743: Oct 16 15:40:35.080 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: <username>] [Source: <src ip>] [localport: 22] [Reason: Login Authentication Failed] at 15:40:35 UTC Thu Oct 16 2014

Has anyone else experienced this?







CreatePlease to create content