Ah I see what you're saying now. We're not using port security, just dot1x (unless dot1x invokes port security somehow). However, we're seeing the issue on several other switches, a mix of 2950 and 2960, and it all seemed to happen at exactly the same time, which is why I was wondering whether there was a full table on the core.
Cheers, Andi -----Original Message----- From: Francois Gaudreault [mailto:[email protected]] Sent: 03 December 2013 17:10 To: [email protected] Subject: Re: [PacketFence-users] dot1x being denied on wired clients Not on the core, on your actual 2960. If the TCAM/Mac address table is still having space, is it possible this mac is a secure mac address on another port using port-security on the same switch? Francois On 12/3/2013, 11:29 AM, Morris, Andi wrote: > Do you mean on our core switch? Running a show counters on the tcam suggests > that they're fine: > > cyhr1#sh tcam counts > Used Free Percent Used Reserved > ---- ---- ------------ -------- > Labels: 4 508 0 > > ACL_TCAM > Masks: 16 4080 0 0 > Entries: 49 32719 0 0 > > QOS_TCAM > Masks: 0 4096 0 0 > Entries: 0 32768 0 0 > > LOU: 0 64 0 > ANDOR: 0 16 0 > ORAND: 0 16 0 > ADJ: 0 1024 0 > > Wouldn't this also affect wireless clients if the tcam table was full? > > Cheers, > Andi > > > -----Original Message----- > From: Francois Gaudreault [mailto:[email protected]] > Sent: 26 November 2013 15:29 > To: [email protected] > Subject: Re: [PacketFence-users] dot1x being denied on wired clients > > Clear the TCAM and retry. > > FG > > On 11/22/2013, 10:36 AM, Morris, Andi wrote: >> Hi all, >> >> Firstly, can I apologise in advance, I don't think this is actually a >> packetfence issue, however other users of packetfence may have come >> across this and might be able to help me resolve it. >> >> Since yesterday we are seeing our wired devices on our packetfence >> controlled network being prompted for credentials each time they are >> plugged in/turned on/rebooted, and often the credentials are being >> rejected. >> >> Radius debug logs show that Access-Accept is being sent to the >> device, but the device is not ever getting onto the network. >> >> Enabling debug on my Cisco 2960 test switch I can see the error below: >> >> %DOT1X_SWITCH-5-ERR_ADDING_ADDRESS: Unable to add address >> >> I'm not 100% convinced that this is the same error that we're seeing >> on our user switches, I'm waiting for some hits on other switches >> I've enabled debugging on to confirm this. >> >> The reason I don't think that this is a packetfence/radius issue is >> that we're not having any issues with wireless clients. >> >> I don't know yet whether it is affecting just Windows users or >> everyone, I'm waiting for confirmation on this. >> >> We are not forcing devices to validate radius certificates (yet). >> >> Has anyone seen this before? >> >> Cheers, >> >> Andi >> >> ------------------------------------- >> >> Andi Morris >> >> IT Security Officer >> Cardiff Metropolitan University >> >> T: 02920 205720 >> E: [email protected] <mailto:[email protected]> >> >> -------------------------------------- >> >> >> >> --------------------------------------------------------------------- >> - >> -------- Shape the Mobile Experience: Free Subscription Software >> experts and developers: Be at the forefront of tech innovation. >> Intel(R) Software Adrenaline delivers strategic insight and >> game-changing conversations that shape the rapidly evolving mobile >> landscape. Sign up now. >> http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg. >> c >> lktrk >> >> >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > > -- > Francois Gaudreault > Architecte de Solution Cloud | Cloud Solutions Architect > [email protected] > 514-629-6775 > - - - > CloudOps > 420 rue Guy > Montréal QC H3J 1S6 > www.cloudops.com > @CloudOps_ > > > ---------------------------------------------------------------------- > -------- Rapidly troubleshoot problems before they affect your > business. Most IT organizations don't have a clear picture of how > application performance affects their revenue. With AppDynamics, you > get 100% visibility into your Java,.NET, & PHP application. Start your > 15-day FREE TRIAL of AppDynamics Pro! > http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.c > lktrk _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > > ---------------------------------------------------------------------- > -------- Rapidly troubleshoot problems before they affect your > business. Most IT organizations don't have a clear picture of how > application performance affects their revenue. With AppDynamics, you > get 100% visibility into your Java,.NET, & PHP application. Start your > 15-day FREE TRIAL of AppDynamics Pro! > http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.c > lktrk _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > -- Francois Gaudreault Architecte de Solution Cloud | Cloud Solutions Architect [email protected] 514-629-6775 - - - CloudOps 420 rue Guy Montréal QC H3J 1S6 www.cloudops.com @CloudOps_ ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Sponsored by Intel(R) XDK Develop, test and display web and hybrid apps with a single code base. Download it for free now! http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
