Question

PC lost connection with network. using 802.1x authentication

  • 11 September 2019
  • 3 replies
  • 86 views

Userlevel 4
I’am configuring NAC on our switches and have created 802.1x rules for our AD PC’s and users.

We are testing this with 3 pc’s. The management access to the switch is based on AD (LDAP).

The ports of the switch are configured for 802.1.x and MAC authentication.

Now we experience that two pc’s lost the connection with the network. At that time I could not log in to the switch. 100% sure that I used the correct credintials.

In the end system events I noticed that the profile was changed form AD-user profile to the denny access profile.

After a while I can log in the switch an the pc got the access to the network back.

How can I troubleshoot this.

Switch: X440G2-48p-10G4 firmware version 22.4.1.4

3 replies

Userlevel 7
I'd use the evaluation tool to see why the 2xPCs skipped the AD-user rule.

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-use-configuration-evaluation-tool-with-Extreme-Management-Center
Userlevel 6
I would check to see what the result of the attempted login using 802.1x authentication was. Even if the port is in a deny all role I believe we still allow EAP to pass through. This wasn't always the case.

Was the 802.1x authentication rejected due to an issue that later cleared that allowed you to login?

The end system events should show 802.1x authentication attempts and what their result was.

Thanks
-Ryan
Userlevel 4
I will check my end system events

Reply