crash after authc result 'success' from 'dot1x' for client (Unknown MAC) CSCtx61557 Description Symptoms: The switch crashes after logging "success" from "dot1x" for client (Unknown MAC).
Conditions: The symptom is observed with the following conditions:
1. A switchport is configured with both of the following:
authentication event server dead action authorize... authentication event server alive action reinitalize
2. The radius server was down previously, and a port without traffic (for example: a hub with no devices attached) was authorized into the inaccessible authentication bypass (IAB) VLAN without an associated MAC address. 3. The radius server becomes available again, and a dot1x client attempts to authenticate.
Buffered messages: (last 8192 bytes only) 6 left the port-channel Port radius
HOSTNAME(config)#aaa accounting system default start-stop group radius HOSTNAME(config)# HOSTNAME(config)# HOSTNAME(config)#no authentication logging verbose HOSTNAME(config)# HOSTNAME(config)# HOSTNAME(config)#login block-for 300 attempts 5 within 60 -channel1 *Aug 28 01:08:47.873 UTC: %C4K_IOSINTF-5-LMPHWSESSIONSTATE: Lmp HW session DOWN on slot 11 port 12. *Aug 28 01:08:48.056 UTC: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 172.16.5.98 port 514 started - CLI initiated *Aug 28 01:08:48.571 UTC: %FASTHELLO-2-FH_DOWN: Fast-Hello interface Te2/1/12 lost dual-active detection capability
*Aug 28 01:08:49.099 UTC: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 172.16.250.61 on interface Vlan250 *Aug 28 01:15:08.753 UTC: %C4K_IOSINTF-5-LMPHWSESSIONSTATE: Lmp HW session UP on slot 11 port 1. *Aug 28 01:15:24.759 UTC: %VSLP-5-VSL_UP: Ready for control traffic
*Aug 28 01:15:27.760 UTC: %VSLP-5-RRP_ROLE_RESOLVED: Role resolved as ACTIVE by VSLP *Aug 28 01:15:27.760 UTC: %EC-5-BUNDLE: Interface TenGigabitEthernet2/1/1 joined port-channel Port-channel2 *Aug 28 01:15:28.049 UTC: %C4K_REDUNDANCY-6-DUPLEX_M <Thu Aug 28 01:18:32 2014> Message from sysmgr: Reason Code: Reset Reason:Service [iosd] pid: terminated abnormally . Details: -------- Service: IOSd service Description: IOS daemon Executable: /tmp/sw/mount/cat4500e-universalk9.SPA.152-1.E.pkg//usr/binos/bin/iosd
Started at Wed Aug 27 22:27:48 2014 (647795 us) Stopped at Thu Aug 28 01:18:32 2014 (115506 us) Uptime: 2 hours 50 minutes 44 seconds
Start type: SRV_OPTION_RESTART_STATELESS (23) Death reason: SYSMGR_DEATH_REASON_FAILURE_SIGNAL (2) Last heartbeat 0.00 secs ago
PID: 6813 Exit code: signal 6 (no core)
PID: 6813 UUID: 512 FAILURE: syslogd shutdown
I had a ICMP ping going, and it was not affected, as the Standby VSS chassis kicked in and took over, while the previous active chassis reloaded.
-------------------------------------------------------- 2nd time it happened:
Now this time, I had waited until the previous active chassis was back up and running and came back up as Standby hot.
once again I pasted the same config, and bang, It happened a second time on the second chassis which was acting now as Active supervisor.
And once again, the ICMP continuous ping was not interrupted, as the other chassis remained up, while the "new" active crashed after configuring the same configs in a slight different order.
HOSTNAME(config)#radius server ACS2 HOSTNAME(config-radius-server)#$5.22 auth-port 1812 acct-port 1813 HOSTNAME(config-radius-server)# timeout 1 HOSTNAME(config-radius-server)# key 0 XXXX HOSTNAME(config-radius-server)#! HOSTNAME(config-radius-server)#radius server ACS3 HOSTNAME(config-radius-server)#$xxxx auth-port 1812 acct-port 1813 HOSTNAME(config-radius-server)# timeout 1 HOSTNAME(config-radius-server)# key 0 xxxxxxx HOSTNAME(config-radius-server)# HOSTNAME(config-radius-server)#aaa group server radius rad_eap HOSTNAME(config-sg-radius)# server name XXXX HOSTNAME(config-sg-radius)# server name XXXX HOSTNAME(config-sg-radius)# server name XXXX HOSTNAME(config-sg-radius)# HOSTNAME(config-sg-radius)# PER-3-S
Exception to IOS Thread: Frame pointer 89455E38, PC = 1CC27ECC
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...