...
The problem occurred when PCs or clients attempted to connect for the FIRST time. ISE pushed the template to the switch and it was applied correctly (this can be verified from the authentication session); nevertheless, the endpoint MAC address was still shown in the MAC address table with the VLAN specified by the source template. The configuration is as follows:

    template PORT_TEMPLATE
     dot1x pae authenticator
     switchport access vlan 999
     switchport mode access
     switchport voice vlan 1403
     mab
     trust device cisco-phone
     access-session host-mode multi-domain
     access-session closed
     access-session port-control auto
     authentication periodic
     authentication timer reauthenticate server
     service-policy type control subscriber SN_PORT_AUTH

    template USER_VLAN_TEMP
     switchport access vlan 1303
     description ** User Ports Vlan 1303/1403
     source template PORT_TEMPLATE

    c9300#sh run inter gi 1/0/1
    Building configuration...

    Current configuration : 129 bytes
    !
    interface GigabitEthernet1/0/1
     device-tracking attach-policy test
     source template PORT_TEMPLATE
     spanning-tree portfast
    end

    c9300#sh authentication sessions inter gi 1/0/1 details
                Interface:  GigabitEthernet1/0/1
                   IIF-ID:  0x11B44CA5
              MAC Address:  0050.56b6.f882
             IPv6 Address:  Unknown
             IPv4 Address:  10.0.0.1
                User-Name:  -> User name masked
                   Status:  Authorized
                   Domain:  DATA
           Oper host mode:  multi-domain
         Oper control dir:  both
          Session timeout:  N/A
        Common Session ID:  822C300A000000469FC0B8A1
          Acct Session ID:  0x0000003f
                   Handle:  0x4900003c
           Current Policy:  SN_PORT_AUTH

    Local Policies:
           Service Template: DEFAULT_LINKSEC_POLICY_SHOULD_SECURE (priority 150)
          Security Policy:  Should Secure
          Security Status:  Link Unsecured

    Server Policies:
       Interface Template:  USER_VLAN_TEMP     >>>>> Correct vlan

    Method status list:
           Method           State
            dot1x           Authc Success

    c9300#sh mac address-table inter gi 1/0/1
              Mac Address Table
    -------------------------------------------

    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
     999    0050.56b6.f882    STATIC      Gi1/0/1     >>>>>>> Correct Vlan 1303
    Total Mac Addresses for this criterion: 1
PC/Machine connects for the FIRST time and downloads the User certificate from ISE.
Downgrade to 16.6.3
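To check a port for this condition, the access VLAN of the ISE-pushed interface template can be compared with the VLAN in which the endpoint MAC was actually learned. The script below is an added example, not Cisco or ISE tooling and not part of the original report; the function names are hypothetical, and the sample text is trimmed from the outputs shown above and assumed to have been collected from the switch as plain text.

```python
import re

# Sample text trimmed from the outputs in this report.
RUNNING_CONFIG = """\
template PORT_TEMPLATE
 switchport access vlan 999
 switchport voice vlan 1403
template USER_VLAN_TEMP
 switchport access vlan 1303
 source template PORT_TEMPLATE
"""
AUTH_SESSION = """\
            Interface:  GigabitEthernet1/0/1
          MAC Address:  0050.56b6.f882
               Status:  Authorized
Server Policies:
   Interface Template:  USER_VLAN_TEMP
"""
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 999    0050.56b6.f882    STATIC      Gi1/0/1
"""

def template_access_vlans(config):
    """Map each template name to its own 'switchport access vlan' value."""
    vlans, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"template (\S+)", line):  # unindented template header
            current = m.group(1)
        elif current and (m := re.match(r"\s+switchport access vlan (\d+)", line)):
            vlans[current] = int(m.group(1))
    return vlans

def check_session(config, session, mac_table):
    """Return (mac, expected_vlan, learned_vlan, ok) for one authorized session."""
    mac = re.search(r"MAC Address:\s+(\S+)", session).group(1)
    template = re.search(r"Interface Template:\s+(\S+)", session).group(1)
    expected = template_access_vlans(config)[template]
    row = re.search(rf"^\s*(\d+)\s+{re.escape(mac)}\s", mac_table, re.M)
    learned = int(row.group(1)) if row else None  # None: MAC not in the table
    return mac, expected, learned, learned == expected

if __name__ == "__main__":
    mac, expected, learned, ok = check_session(RUNNING_CONFIG, AUTH_SESSION, MAC_TABLE)
    print(f"{mac}: template VLAN {expected}, MAC table VLAN {learned}:",
          "OK" if ok else "MISMATCH")
```

A mismatch on an Authorized session means the endpoint is still forwarding in the source template's VLAN (999 here) rather than the VLAN of the template ISE returned (1303).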