I/G/C/B/A-Series f/w 802.x Authentication can trigger other Users to Authenticate

  • 0
  • 1
  • Article
  • Updated 5 years ago
Article ID: 16051 

I-Series; firmware through
G-Series; firmware through
C5-Series; firmware through, through
C3-Series; firmware through
B5-Series; firmware through, through
B3-Series; firmware through
A4-Series; firmware through, through 

Configured for 802.1x Authentication ('set eapol...', 'set dot1x...') and Policy ('set policy...'). 

When a user is 802.1x-authenticated with application of a dynamic policy, and that policy profile is configured to assign the port's PVID VLAN ('pvid-status enable pvid 4095'); some EAP packets (destination MAC 01:80:C2:00:00:03) are flooded/leaked out all ports.
Receipt of those EAP packets triggers some 802.1x supplicants to also authenticate - resulting in a cascading effect. 

Upgrade to 6.61 firmware or higher.
For the C5/B5/A4-Series, also fixed in firmware and higher. 

See also: 5532.
Photo of FAQ User

FAQ User, Official Rep

  • 13,620 Points 10k badge 2x thumb

Posted 5 years ago

  • 0
  • 1

There are no replies.

This conversation is no longer open for comments or replies.