X440 and Netsight Nac The session is no longer active due to: Admin-Reset.


Hello all

i have the following Problem with one Device in our Network
It is an CAB Label Printer connected on an X440 with Netsight
After 10 Minutes the following message is in the Netsight Nac manager

The session is no longer active due to: Admin-Reset.

If the message appear in the NAC the Device is no longer reachable
only Force Reauth and Power off the Device brings it back

Is anbody here that have an idea was it is

regards
Oliver

11 replies

Userlevel 6
Maybe the switch clears its fdb entry and this causes the admin reset ? You should see that in the switch log.
Userlevel 7
What kind of authentication is used ?
Hello Oscar and Ronald
there is no entry in the switch log

Mac authentication is used

Our X450 switches show the same message in the NAC but the CAB Label Printers on these switches are reachable after the message
The Status switch from disconnected to accept if we print or ping the Device
Userlevel 7
Might be a problem with the printers powersave option - try to change it to a higher value and see whether that increases the time till it doesn't work.

Do you poll the printer via Netsight - could be a "workaround" - if you poll it all the time it might also solves the problem.
The following messages in the switch log
[i] Network Login MAC user xxxx logged in MAC xxxx port 12 VLAN(s) "[u]", authentication Radius
[i] The authentication state of Network Login user xxxx was cleared by policy, Mac xxxx port 12 VLAN(s) "" Protocol(s) "MAC"
Userlevel 1
Fischer Oliver wrote:

The following messages in the switch log
[i] Network Login MAC user xxxx logged in MAC xxxx port 12 VLAN(s) "[u]", authentication Radius
[i] The authentication state of Network Login user xxxx was cleared by policy, Mac xxxx port 12 VLAN(s) "" Protocol(s) "MAC"

Curious if you are a resolution to this. I see the same thing with an Epson printer doing MAC auth and this same output is show in the NAC Manager and switch log on an X450-G2...
Userlevel 6
Does the same policy work with normal PC's ? I thnk there might be a problem with the policy when it is applied to that mac ?
Hi Guys,

I am facing the same issue here in same scenario. X440-G2 Switches and Netsight/NAC. But my clients are dot1x authenticated. After some time the sesision disconnects with reason "The session is no longer active due to: Admin-Reset". Kindly help.
Userlevel 6
Fighting with the same problem:

Windows 7 / 802.1x / X440-G2 EXOS V21.1.3.7-Patch1-4 with Extreme Control V7.1.1.9

05/05/2017 08:24:17.07 [i] Slot-1: The authentication state of Network Login user host/YLQP019998.XXX.xx was cleared by policy due to Admin Reset, Mac 90:1B:0E:2E:35:5C port 2:26 VLAN(s) "" Protocol(s) "802.1x"

What is reason "Admin Reset" - either Re-Auth Button in NAC was pressed nor clear netlogin session per CLI was used. It happens randomly!

How is it possible to get EAPoL Counters regarding this port to verify if EAPoL Logoff Messages was sent from Client ?

Regards
Userlevel 6
M.Nees wrote:

Fighting with the same problem:

Windows 7 / 802.1x / X440-G2 EXOS V21.1.3.7-Patch1-4 with Extreme Control V7.1.1.9

05/05/2017 08:24:17.07 [i] Slot-1: The authentication state of Network Login user host/YLQP019998.XXX.xx was cleared by policy due to Admin Reset, Mac 90:1B:0E:2E:35:5C port 2:26 VLAN(s) "" Protocol(s) "802.1x"

What is reason "Admin Reset" - either Re-Auth Button in NAC was pressed nor clear netlogin session per CLI was used. It happens randomly!

How is it possible to get EAPoL Counters regarding this port to verify if EAPoL Logoff Messages was sent from Client ?

Regards

EAPoL Statistics searched like this on Brocade Switches:
(Statistics can be cleared/reseted)

device# show dot1x statistics ethernet 10/2/1 Port 10/2/1 Statistics: RX EAPOL Start : 2 RX EAPOL Logoff : 2 RX EAPOL Invalid : 0 RX EAPOL Total : 12 RX EAP Resp/Id : 4 RX EAP Resp other than Resp/Id : 4 RX EAP Length Error : 0 Last EAPOL Version : 1 Last EAPOL Source : 0022.0002.0002 TX EAPOL Total : 0 TX EAP Req/Id : 10417 TX EAP Req other than Req/Id : 2[/code]
Userlevel 6
M.Nees wrote:

Fighting with the same problem:

Windows 7 / 802.1x / X440-G2 EXOS V21.1.3.7-Patch1-4 with Extreme Control V7.1.1.9

05/05/2017 08:24:17.07 [i] Slot-1: The authentication state of Network Login user host/YLQP019998.XXX.xx was cleared by policy due to Admin Reset, Mac 90:1B:0E:2E:35:5C port 2:26 VLAN(s) "" Protocol(s) "802.1x"

What is reason "Admin Reset" - either Re-Auth Button in NAC was pressed nor clear netlogin session per CLI was used. It happens randomly!

How is it possible to get EAPoL Counters regarding this port to verify if EAPoL Logoff Messages was sent from Client ?

Regards

Current state of the issue is:

It occurs if RADIUS Accouting AND dynamic Session-ReAuth (provide by RADIUS Session-Timout Value) run simultaniously. Disable one of both, the problem disappears.

I hope we can find the root cause because both feature needed.

Regards

Reply