Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Lwapp: strange MAC addresses in MAC Authentication Bypass

We have a lot of 2600 series accesspoints. They are connected to cisco 2960c and 2960s switches.We use MAB to get them into the right VLAN. This works fine for all of them.

Some of these LWAPPs however keep on trying to authenticate and authorize themselves with Xerox-like MAC addresses (00-00-01-...). Not just one of them but a different one each time for the same unit. This shows up in logging on the switch (see below)

Only 2602E do this but strangely not all of them. 2602i are 'clean'.

All LWAPP software versions are the same: 15.2.2.JB2

Has anyone seen this before and what can be done about it?

Thanks,

Erik

==

#sh mac add int fa0/47

          Mac Address Table

-------------------------------------------

Vlan    Mac Address       Type        Ports

----    -----------       --------    -----

  26    bc16.6595.a5e7    STATIC      Fa0/47

Total Mac Addresses for this criterion: 1

Dec 12 16:13:46.662: %MAB-5-SUCCESS: Authentication successful for client (0000.0104.c121) on Interface Fa0/47 AuditSessionID 0A60F00F000045

B8EF7D857A

Dec 12 16:13:46.670: %MAB-5-SUCCESS: Authentication successful for client (0000.0104.bf1d) on Interface Fa0/47 AuditSessionID 0A60F00F000045

BAEF7D8644

Dec 12 16:13:46.670: %MAB-5-SUCCESS: Authentication successful for client (0000.0104.ac08) on Interface Fa0/47 AuditSessionID 0A60F00F000045

B9EF7D857A

Dec 12 16:13:46.670: %AUTHMGR-5-FAIL: Authorization failed for client (0000.0104.c121) on Interface Fa0/47 AuditSessionID 0A60F00F000045B8EF

7D857A

Dec 12 16:13:46.670: %AUTHMGR-5-FAIL: Authorization failed for client (0000.0104.bf1d) on Interface Fa0/47 AuditSessionID 0A60F00F000045BAEF

7D8644

Dec 12 16:13:46.679: %AUTHMGR-5-FAIL: Authorization failed for client (0000.0104.ac08) on Interface Fa0/47 AuditSessionID 0A60F00F000045B9EF

7D857A

Dec 12 16:13:47.694: %MAB-5-SUCCESS: Authentication successful for client (0000.0104.d12e) on Interface Fa0/47 AuditSessionID 0A60F00F000045

BBEF7D87D6

Dec 12 16:13:47.694: %AUTHMGR-5-FAIL: Authorization failed for client (0000.0104.d12e) on Interface Fa0/47 AuditSessionID 0A60F00F000045BBEF

7D87D6

Dec 12 16:13:47.702: %MAB-5-SUCCESS: Authentication successful for client (0000.0104.7cbe) on Interface Fa0/47 AuditSessionID 0A60F00F000045

BEEF7D8969

Dec 12 16:13:47.702: %AUTHMGR-5-FAIL: Authorization failed for client (0000.0104.7cbe) on Interface Fa0/47 AuditSessionID 0A60F00F000045BEEF

7D8969

Dec 12 16:13:47.711: %MAB-5-SUCCESS: Authentication successful for client (0000.0104.c824) on Interface Fa0/47 AuditSessionID 0A60F00F000045

BCEF7D883B

Dec 12 16:13:47.711: %MAB-5-SUCCESS: Authentication successful for client (0000.0104.8bc2) on Interface Fa0/47 AuditSessionID 0A60F00F000045

BDEF7D88A0

Dec 12 16:13:47.719: %AUTHMGR-5-FAIL: Authorization failed for client (0000.0104.c824) on Interface Fa0/47 AuditSessionID 0A60F00F000045BCEF

7D883B

Dec 12 16:13:47.727: %AUTHMGR-5-FAIL: Authorization failed for client (0000.0104.8bc2) on Interface Fa0/47 AuditSessionID 0A60F00F000045BDEF

7D88A0

Dec 12 16:13:48.709: %MAB-5-SUCCESS: Authentication successful for client (0000.0104.c622) on Interface Fa0/47 AuditSessionID 0A60F00F000045

BFEF7D8A76

Dec 12 16:13:48.709: %AUTHMGR-5-FAIL: Authorization failed for client (0000.0104.c622) on Interface Fa0/47 AuditSessionID 0A60F00F000045BFEF

7D8A76

Dec 12 16:14:07.416: %MAB-5-SUCCESS: Authentication successful for client (0000.0104.bf1b) on Interface Fa0/47 AuditSessionID 0A60F00F000045

5CEEFF95AA

Dec 12 16:14:07.424: %AUTHMGR-5-FAIL: Authorization failed for client (0000.0104.bf1b) on Interface Fa0/47 AuditSessionID 0A60F00F0000455CEE

FF95AA

Dec 12 16:14:07.432: %MAB-5-SUCCESS: Authentication successful for client (0000.0104.cc28) on Interface Fa0/47 AuditSessionID 0A60F00F000045

5BEEFF94EA

Dec 12 16:14:07.432: %MAB-5-SUCCESS: Authentication successful for client (0000.0104.b30f) on Interface Fa0/47 AuditSessionID 0A60F00F000045

58EEFF94E1

Dec 12 16:14:07.432: %MAB-5-SUCCESS: Authentication successful for client (0000.0104.d029) on Interface Fa0/47 AuditSessionID 0A60F00F000045

5AEEFF94E1

#sh cdp nei fa0/47 deta

-------------------------

Device ID: APbc16.6595.a5e7

Entry address(es):

  IP address: 10.96.10.177

Platform: cisco AIR-CAP2602E-E-K9   ,  Capabilities: Router Trans-Bridge

Interface: FastEthernet0/47,  Port ID (outgoing port): GigabitEthernet0.1

Holdtime : 147 sec

 

Version :

Cisco IOS Software, C2600 Software (AP3G2-K9W8-M), Version 15.2(2)JB2, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2013 by Cisco Systems, Inc.

Compiled Mon 29-Jul-13 11:27 by prod_rel_team

 

advertisement version: 2

Duplex: full

Power drawn: 15.400 Watts

Power request id: 50672, Power management id: 1

Power request levels are:15400 0 0 0 0

Management address(es):

Everyone's tags (2)
1 REPLY
New Member

Re: Lwapp: strange MAC addresses in MAC Authentication Bypass

Hi

We saw the problem with that 0000.0104.xx- MACs in Port-Security as we normaly do only allow one MAC - the one of the AP. This MACs come from the 26xx APs. No idea why.

BR

*Update:*

Just found the already open Bug@Cisco:

https://tools.cisco.com/bugsearch/bug/CSCud97325

267
Views
0
Helpful
1
Replies
CreatePlease to create content