Modifying a port on a template affects all ports - MX

RaphaelL
Kind of a big deal

Hi folks,

I have run into a strange behavior.

 

We have a Security appliance template with some ports with 802.1X enabled and some on an Open access policy.

When I applied the 802.1X policy on an open port (on the template), ALL the ports went into a reauth or something like that. Result: 300-400 phone calls dropped and phones were unregistered for a solid minute.

 

This is what support responded:

(which I was unable to reproduce in my labs...)

 

Unfortunately, this particular outage is expected behavior. In order to make sure that all of the devices are properly authenticating to the ports, making changes to the ports that are using RADIUS causes the MX to reevaluate ports that use RADIUS. So even though you were just modifying 12, the MX needed to reevaluate 11 as well, which caused the phone to go down.

Has anyone ever experienced this?

PhilipDAth
Kind of a big deal

Was this by chance on the MX84?

 

Some models do a port reset on all ports when you make any port change. It is one of the reasons I use loop-free cabling configurations (as opposed to using dual links), because it causes spanning tree to re-compute, knocking out the network for 30s at a time.

I've had more short outages caused by making configuration changes when I used to use dual connections than I have had cable/port failures ... the HA causes more outages than it prevents.

RaphaelL
Kind of a big deal

Hi Phil,

Unfortunately it affected our MX65, MX65W and MX68.

 

We are using them as teleworker gateways with 1 uplink, 1 port for a PC and 1 port for a Cisco Phone.

 

I was unable to reproduce the issue in lab... weird
