Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
Output from command "show access-sessions interface detail" will report operation host mode as single-host: Switch#show access-session int g1/0/6 det Interface: GigabitEthernet1/0/6 IIF-ID: 0x152E548B MAC Address: 2c73.a084.b741 IPv6 Address: Unknown IPv4 Address: Unknown Status: Unauthorized Domain: UNKNOWN Oper host mode: single-host <---------- Oper control dir: in Session timeout: N/A Common Session ID: 000000000000000B1AF510C0 Acct Session ID: Unknown Handle: 0x8b000001 Current Policy: PORT-AUTH-POLICY In the output of the running-configuration for the same interface, will see access-session host-mode multi-auth: Switch#show run all | b net1/0/6 interface GigabitEthernet1/0/6 mvrp timer leave-all 1000 mvrp timer leave 60 mvrp timer join 20 no mvrp timer periodic no mvrp switchport switchport access vlan 220 switchport trunk native vlan tag switchport trunk allowed vlan all no switchport autostate exclude switchport private-vlan trunk encapsulation dot1q switchport private-vlan trunk native vlan tag switchport mode access no switchport nonegotiate no switchport protected no switchport block multicast no switchport block unicast no switchport vepa enabled switchport port-security maximum 65535 vlan voice no switchport port-security mac-address sticky no ip arp inspection trust ip arp inspection limit rate 15 burst interval 1 ip arp inspection limit rate 15 ip access-group DEFAULT-ACCESS in logging event link-status logging event trunk-status load-interval 300 carrier-delay 2 no shutdown no medium p2p no macsec replay-protection cdp log mismatch duplex cdp tlv location cdp tlv server-location cdp tlv app ipv6 mld snooping tcn flood mpls mtu 1500 authentication periodic authentication timer reauthenticate server authentication timer unauthorized 0 authentication linksec policy no access-session interface-template sticky access-session host-mode multi-auth <------- access-session control-direction in no access-session closed
Discrepancy seen on C9400 running 16.12.4 with following configuration seen: interface GigabitEthernet1/0/6 switchport access vlan 220 switchport mode access device-tracking attach-policy DEVTRK ip access-group DEFAULT-ACCESS in logging event trunk-status authentication periodic authentication timer reauthenticate server access-session control-direction in access-session port-control auto mab dot1x pae authenticator dot1x timeout tx-period 7 dot1x max-req 3 storm-control broadcast level 5.00 spanning-tree portfast spanning-tree bpduguard enable spanning-tree guard root service-policy type control subscriber PORT-AUTH-POLICY
If your port has multiple devices off it, explicitly configure "access-session host-mode multi-auth" under the interface.