Header Only - DO NOT REMOVE - Extreme Networks

NAC Manager - End-System Events does not show all Authentication Events ????

  • 30 November 2016
  • 4 replies

Userlevel 6
Currently i configure for a customer project NAC (Netsight with X440-G2 (EXOS On every port MAC and 802.1x - Multi-User / Multi-Method Authentication - to be mostly flexibel. 802.1x is prefered on the switch (compare to mac).

The used alcatel Phones coming with a working 802.1x supplicant (EAP-TLS) - because this is step 2 or 3 (making EAP-TLS working) i ignore TLS (and the resulting RADIUS reject). I configure MAC Auth correctly and end-systems will result an accept.

To avoid loosing voip end-systems out of NAC Database (because of purging end-systems older than 90 days) i added an RADIUS Accept Attribute to this voip phones - Session Timeout = xx seconds. For testing purpose i set this to 60 seconds.

So this work fine. Voip phones are authenticated at startup with mac successfully (dot1 was rejected). After that i can see with tcpdump that every 60 second the phone is re-authenticationed with mac (successfully) and dot1x (unsuccessfully - but this does not matter).

BUT i am wondering very much - NAC Manager - End-systems Events shows regarding this re-auth (or session timeout) events only the unsuccessful dot1x events - NOT the sucessful mac events (which i expect to see).

Why ?
Is this explainable ?

See here:
- Picture will be added soon -

4 replies

Userlevel 6
Here the screen:

Userlevel 3

Please take a look at this KB article.


This should help NAC to display the MAC authentication Accept messages.

Praveen Joseph Jacob
Userlevel 6
Hi Jacob,

thanks for this advice! That sounds good.

I will try it and let you know!

Userlevel 6
Hi Jacob,

i test this currently at customers installation! It works fine!!

Thanks a lot for this hint!