I'm waiting on a call back from TAC, and was hoping the community might have some information. We have two CX 6100 switches both running 10.06.0140. We've seen this problem on other 10.06 releases as well.
The issue is, that after a period of time, some port access clients (mac auth is where we've seen this so far) disappear from the switch. By that I mean that the command
show port-access clients
no longer shows them at all and we stop receiving any requests through clearpass. Rebooting the client doesn't help, nor does bouncing the port. Rebooting the switch does help.
It can happen with a variety of clients and ports (all ports configured the same way) but the one we're seeing right now is on port 15, and the config on that is:
interface 1/1/15
no shutdown
vlan access 1
loop-protect
loop-protect action tx-rx-disable
aaa authentication port-access client-limit 32
aaa authentication port-access dot1x authenticator
eapol-timeout 2
max-eapol-requests 3
reauth
enable
aaa authentication port-access mac-auth
reauth
enable
client track ip enable
client track ip update-interval 60
There's nothing regarding that port in the logs that I can see.
Any ideas?
------------------------------
Jordan Desroches
------------------------------