Security

 View Only
last person joined: 18 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Err-disabled with Ports that authenticate with ClearPass

This thread has been viewed 9 times
  • 1.  Err-disabled with Ports that authenticate with ClearPass

    Posted Sep 24, 2022 12:51 PM

    Hi

    We have an issue that some ports show the same MAC address with different VLAN "Voice & Data" as the below screenshot, we connect the IP phone to the switch and data to PC through the IP phone while other ports working normally with the same installation and all the ports that configure with ClearPass and show 3 MAC address make an err-disabled.

    21.44.10@2x.png" style="box-sizing: inherit; border: 0px; font-family: inherit; font-size: inherit; font-style: inherit; font-variant-caps: inherit; font-weight: inherit; font-stretch: inherit; line-height: inherit; margin: 0px; padding: 0px; vertical-align: baseline; display: inline-block; max-width: 100%; position: relative; width: 364px;">21.44.10@2x.png" alt="CleanShot 2022-09-18 at 21.44.10@2x.png" li-image-url="https://community.cisco.com/t5/image/serverpage/image-id/162803i7CED4DD8584E97AB?v=v2" li-image-display-id="'162803i7CED4DD8584E97AB'" li-message-uid="'4689210'" li-messages-message-image="true" li-bindable="" class="lia-media-image img-responsive" li-bypass-lightbox-when-linked="true" li-use-hover-links="false" li-compiled="true" style="box-sizing: border-box; border: 0px; vertical-align: baseline; font-family: inherit; font-size: inherit; font-style: inherit; font-variant-caps: inherit; font-weight: inherit; font-stretch: inherit; line-height: inherit; margin: 0px; padding: 0px; cursor: zoom-in; display: block; max-width: 100%; height: auto;" width="364" height="104" tabindex="0" />

    Appreciate your help

    Thanks



  • 2.  RE: Err-disabled with Ports that authenticate with ClearPass

    MVP GURU
    Posted Sep 28, 2022 07:15 AM
    I believe this is normal for a device that changes VLAN through CoA. The MAC table should age out the old VLAN 8 entry. What are the logs saying for the err-disable reason?

    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
    If my post was useful accept solution and/or give kudos
    ------------------------------