Do you mean on our core switch? Running a show counters on the tcam suggests
that they're fine:
cyhr1#sh tcam counts
Used Free Percent Used Reserved
---- ---- ------------ --------
Labels: 4 508 0
ACL_TCAM
Masks: 16 4080 0 0
Entries: 49 32719 0 0
QOS_TCAM
Masks: 0 4096 0 0
Entries: 0 32768 0 0
LOU: 0 64 0
ANDOR: 0 16 0
ORAND: 0 16 0
ADJ: 0 1024 0
Wouldn't this also affect wireless clients if the tcam table was full?
Cheers,
Andi
-----Original Message-----
From: Francois Gaudreault [mailto:[email protected]]
Sent: 26 November 2013 15:29
To: [email protected]
Subject: Re: [PacketFence-users] dot1x being denied on wired clients
Clear the TCAM and retry.
FG
On 11/22/2013, 10:36 AM, Morris, Andi wrote:
>
> Hi all,
>
> Firstly, can I apologise in advance, I don't think this is actually a
> packetfence issue, however other users of packetfence may have come
> across this and might be able to help me resolve it.
>
> Since yesterday we are seeing our wired devices on our packetfence
> controlled network being prompted for credentials each time they are
> plugged in/turned on/rebooted, and often the credentials are being
> rejected.
>
> Radius debug logs show that Access-Accept is being sent to the device,
> but the device is not ever getting onto the network.
>
> Enabling debug on my Cisco 2960 test switch I can see the error below:
>
> %DOT1X_SWITCH-5-ERR_ADDING_ADDRESS: Unable to add address
>
> I'm not 100% convinced that this is the same error that we're seeing
> on our user switches, I'm waiting for some hits on other switches I've
> enabled debugging on to confirm this.
>
> The reason I don't think that this is a packetfence/radius issue is
> that we're not having any issues with wireless clients.
>
> I don't know yet whether it is affecting just Windows users or
> everyone, I'm waiting for confirmation on this.
>
> We are not forcing devices to validate radius certificates (yet).
>
> Has anyone seen this before?
>
> Cheers,
>
> Andi
>
> -------------------------------------
>
> Andi Morris
>
> IT Security Officer
> Cardiff Metropolitan University
>
> T: 02920 205720
> E: [email protected] <mailto:[email protected]>
>
> --------------------------------------
>
>
>
> ----------------------------------------------------------------------
> -------- Shape the Mobile Experience: Free Subscription Software
> experts and developers: Be at the forefront of tech innovation.
> Intel(R) Software Adrenaline delivers strategic insight and
> game-changing conversations that shape the rapidly evolving mobile landscape.
> Sign up now.
> http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.c
> lktrk
>
>
> _______________________________________________
> PacketFence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Francois Gaudreault
Architecte de Solution Cloud | Cloud Solutions Architect
[email protected]
514-629-6775
- - -
CloudOps
420 rue Guy
Montréal QC H3J 1S6
www.cloudops.com
@CloudOps_
------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
