I/G/C/B/A-Series f/w 6.61.09.0012 802.x Authentication can trigger other Users to Authenticate

  • 0
  • 1
  • Article
  • Updated 4 years ago
Article ID: 16051 

Products
I-Series; firmware 6.61.07.0010 through 6.61.09.0012
G-Series; firmware 6.61.07.0010 through 6.61.09.0012
C5-Series; firmware 6.61.07.0010 through 6.61.09.0012, 6.71.01.0067 through 6.71.02.0008
C3-Series; firmware 6.61.07.0010 through 6.61.09.0012
B5-Series; firmware 6.61.07.0010 through 6.61.09.0012, 6.71.01.0067 through 6.71.02.0008
B3-Series; firmware 6.61.07.0010 through 6.61.09.0012
A4-Series; firmware 6.61.07.0010 through 6.61.09.0012, 6.71.01.0067 through 6.71.02.0008 

Changes
Configured for 802.1x Authentication ('set eapol...', 'set dot1x...') and Policy ('set policy...'). 

Symptoms
When a user is 802.1x-authenticated with application of a dynamic policy, and that policy profile is configured to assign the port's PVID VLAN ('pvid-status enable pvid 4095'); some EAP packets (destination MAC 01:80:C2:00:00:03) are flooded/leaked out all ports.
Receipt of those EAP packets triggers some 802.1x supplicants to also authenticate - resulting in a cascading effect. 

Solution
Upgrade to 6.61 firmware 6.61.10.0008 or higher.
For the C5/B5/A4-Series, also fixed in firmware 6.71.03.0025 and higher. 

See also: 5532.
Photo of FAQ User

FAQ User, Official Rep

  • 13,610 Points 10k badge 2x thumb

Posted 4 years ago

  • 0
  • 1

There are no replies.

This conversation is no longer open for comments or replies.