...
Following a reload or power cycle of a Catalyst 3850 stack, some ports that are configured for MAB/Dot1x authentication and use the VLAN statically defined on the interface (no DVLAN push from ISE) are stuck on VLAN 1 in the PM (Port Manager), regardless of the "switchport access vlan #" configuration.

Example of a port in the broken state:

C3850_Stack-DUT#show run int gig 2/0/19
Building configuration...

Current configuration : 794 bytes
!
interface GigabitEthernet2/0/19
 switchport access vlan 211   <<< Access vlan configured is 211
 switchport mode access
 device-tracking attach-policy IPDT
 authentication control-direction in
 authentication event server dead action authorize vlan 4094
 authentication event server dead action authorize voice
 authentication event server alive action reinitialize
 authentication host-mode multi-auth
 authentication order mab dot1x
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication timer inactivity server dynamic
 authentication violation restrict
 mab
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
end

C3850_Stack-DUT# show platform pm port-data gi2/0/19
Field                 AdminFields   OperFields
===============================================================
Access Mode           Static        Static
Access Vlan Id        1             0          <<< But VLAN 1 is set on PM
Voice Vlan Id         4096          0
VLAN Unassigned       0
ExAccess Vlan Id      32767
Native Vlan Id        1
Port Mode             access        access

C3850_Stack-DUT#show mac add int gig 2/0/19
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0000.0c07.ac02    STATIC      Gi2/0/19   <<< Hosts will then be assigned to VLAN1 incorrectly.
   1    0024.14a2.c441    STATIC      Gi2/0/19
Total Mac Addresses for this criterion: 2
- Seen on Catalyst 3850 stacks running IOS 16.9.5, with around 30 or more MAB/Dot1x hosts connected.
- Does not happen if VLAN is pushed dynamically from ISE.
- Configure the same access VLAN again on the affected interface:

configure terminal
interface Gix/x
 switchport access vlan #

After this, the PM will re-program the port to the right VLAN.
Upon performing the workaround, the following tracebacks can appear:

000292: *Jul 22 17:34:05.893 UTC: %PM-3-INTERNALERROR: Port Manager Internal Software Error (!pm_port_gbitlist_test(&vd->fwdList, pd->globalNumber): ../switch/pm/pm_vlan.c: 1959: pm_vlan_add_port)
-Traceback= 1#29f72ee29020089947733224e5b632bb :AAB1B8A000+5510954 :AAB1B8A000+550E414 :AAB1B8A000+27CE778 :AAB1B8A000+2832AA0 :AAB1B8A000+281D808 :AAB1B8A000+74C85CC :AAB1B8A000+74C8300 :AAB1B8A000+74C7F34 :AAB1B8A000+281D658 :AAB1B8A000+74C85CC :AAB1B8A000+74C82F0 :AAB1B8A000+74C7F34 :AAB1B8A000+281B7F0 :AAB1B8A000+74C85CC :AAB1B8A000+74C8300 :AAB1B8A000+74C7F34 :AAB1B8A000+281AD04 :AAB1B8A000+74C85CC :AAB1B8A000+74C82F0 :AAB1B8A000+74C7F34 :AAB1B8A000+**MSG 00001 TRUNCATED** **MSG 00001 CONTINUATION #01**2810790 :AAB1B8A000+27E2034 :AAB1B8A000+250982C :AAB1B8A000+27E8900 :AAB1B8A000+2869FFC :AAB1B8A000+78D0CDC :AAB1B8A000+78D3E90 :AAB1B8A000+78C9248 :AAB1B8A000+78C9DC0 :AAB1B8A000+2859CA0 :AAB1B8A000+286B400 :AAB1B8A000+53EEB68 :AAB1B8A000+53E7BA0 :AAB1B8A000+53E69A4 :AAB1B8A000+3E8383C :AAB1B8A000+3E82F58 :AAB1B8A000+5405C2C :AAB1B8A000+5404C80 :AAB1B8A000+78E96F8

These tracebacks have no impact; the PM is only reporting the re-configuration of a VLAN which is already configured.
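
To find ports in the broken state after a reload, the configured access VLAN can be compared with the AdminFields value that the Port Manager reports. The following is an added example, not part of the original report: the function names are hypothetical, the sample text is constructed from the outputs shown above, and it assumes the three show commands have been captured as text per interface.

```python
import re

# Constructed sample text, modeled on the outputs shown in this report.
SAMPLE_RUN = """interface GigabitEthernet2/0/19
 switchport access vlan 211
 switchport mode access
 authentication port-control auto
"""
SAMPLE_PM = """Field                 AdminFields   OperFields
Access Mode           Static        Static
Access Vlan Id        1             0
Voice Vlan Id         4096          0
ExAccess Vlan Id      32767
"""
SAMPLE_MAC = """Vlan    Mac Address       Type        Ports
   1    0000.0c07.ac02    STATIC      Gi2/0/19
   1    0024.14a2.c441    STATIC      Gi2/0/19
"""

def configured_access_vlan(show_run):
    """VLAN from 'switchport access vlan N'; IOS defaults to VLAN 1 if absent."""
    m = re.search(r"^\s*switchport access vlan (\d+)\s*$", show_run, re.M)
    return int(m.group(1)) if m else 1

def pm_access_vlan(pm_port_data):
    """(AdminFields, OperFields) of the 'Access Vlan Id' row, not 'ExAccess'."""
    m = re.search(r"^\s*Access Vlan Id\s+(\d+)\s+(\d+)\s*$", pm_port_data, re.M)
    if m is None:
        raise ValueError("no 'Access Vlan Id' row in port-data output")
    return int(m.group(1)), int(m.group(2))

def macs_in_vlan(mac_table, vlan):
    """MAC addresses the port has learned in the given VLAN."""
    rows = re.findall(r"^\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s",
                      mac_table, re.M | re.I)
    return [mac for v, mac in rows if int(v) == vlan]

def check_port(show_run, pm_port_data, mac_table):
    """Flag a port whose PM admin VLAN differs from its configured access VLAN."""
    cfg = configured_access_vlan(show_run)
    admin, _oper = pm_access_vlan(pm_port_data)
    stuck = cfg != admin
    return {"configured": cfg, "pm_admin": admin, "stuck": stuck,
            "misplaced_macs": macs_in_vlan(mac_table, admin) if stuck else []}

if __name__ == "__main__":
    print(check_port(SAMPLE_RUN, SAMPLE_PM, SAMPLE_MAC))
```

Ports reported with "stuck" set are the ones that need the workaround; "misplaced_macs" lists the hosts currently learned in the wrong VLAN.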