Hi,
Got a 2930 switch with the following:
class ipv4 "DNS"
10 match udp 0.0.0.0 255.255.255.255 192.168.1.152 0.0.0.0 eq 53
20 match udp 0.0.0.0 255.255.255.255 192.168.2.4 0.0.0.0 eq 53
30 match udp 0.0.0.0 255.255.255.255 192.168.1.88 0.0.0.0 eq 53
exit
class ipv4 "DHCP"
10 match udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 67
exit
class ipv4 "ICMP"
10 match icmp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
10 class ipv4 "DNS" action permit
10 match ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
class ipv4 "Permit-All"
10 match ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.25.255
exit
policy user "AllowAll"
10 class ipv4 "DNS" action permit
20 class ipv4 "DHCP" action permit
30 class ipv4 "ICMP" action permit
40 class ipv4 "Permit-All" action permit
exit
and then
aaa authorization user-role name "mydevices"
policy "AllowAll"
reauth-period 3600
vlan-name "mydevices"
exit
and finally
aaa port-access 8 controlled-direction in
aaa port-access 8 auth-order authenticator mac-based
aaa port-access 8 auth-priority authenticator mac-based
aaa port-access 8 critical-auth user-role "mydevices"
aaa port-access 8 initial-role "mydevices"
Everything works just fine with the above... until I reboot the switch; then the policy user "AllowAll" statement loses all its contents and the switch starts complaining about invalid local user roles.
This seems to happen on WC.16.10.212 and WC.16.11.11... but annoyingly not every time I reboot the switch. Sometimes it works and the policy contents are there after the reboot, and sometimes they aren't.
Anyone seen this?
Time for a TAC case, methinks.
A