Question

802.1x Clients No Waking After Going To Sleep

  • 8 July 2019
  • 0 replies
  • 196 views

Userlevel 5
Hi,

Currently have an issue where 802.1x clients using machine certs (8021.x) keep dropping off the network?

The port is configured for 802.1x, MAC and CEP authentication.

  • 802.1x or PC's
  • MAC for phones and other devices
  • CEP for phones to assign voice VLAN should NAC's go offline
Firmware

  • EXOS = 22.6.1.4
  • XMC = 8.2.4.42
On further investigation it seems clients can re-join by bouncing the network interface. It also seems that the issue is possibly related to the end-system going to sleep, maybe for around an hour or more.

Considered using the command:

code:
configure netlogin ports 1:7 allow egress-traffic all_cast
configure netlogin ports 1:7 restart



But this no longer seems available:

code:
Slot-1 Far-B20_23-GND.2 # configure netlogin ports 1:7 allow egress-traffic all_cast
^
%% Invalid number detected at '^' marker.
Slot-1 Far-B20_23-GND.3 # configure netlogin ports 1:7 ?
allowed-users Number of users allowed per port
authentication Configure port authentication settings
trap Enable/Disable/Prohibit trap on first rule use



When looking at the netlogin parameters there is a timer for 'Quiet Period', that could be related to the issue.

code:
Slot-1 Far-B20_23-GND.1 # show netlogin port 1:7
Port : 1:7
Authentication : 802.1x, mac-based
Port State : Enabled
Authentication Mode : Optional (Policy Enabled only)
Max Supported Users : 6144 (Policy Enabled only)
Allowed Users : 128 (Policy Enabled only)
Current Users : 1 (Policy Enabled only)
------------------------------------------------
802.1x Port Configuration
------------------------------------------------
Quiet Period : 60
Supplicant Response Timeout : 30
Re-authentication : On
Re-authentication period : 3600
Max Re-authentications : 3
RADIUS server timeout : 30
------------------------------------------------
MAC Mode Port Configuration
------------------------------------------------
Re-authentication period : 3600
Re-authentication : On
Authentication Delay : 0 seconds (Default)
------------------------------------------------
Netlogin Clients
------------------------------------------------

MAC IP address Authenticated Type ReAuth-Timer User
a0:d3:c1:15:29:8e 0.0.0.0 Yes, Radius 802.1x 2276 host/companny-1853.compannyr.co.uk
-----------------------------------------------
(B) - Client entry Blackholed in FDB



I could adjust the timer, but that doesn't really fix the issue as the problem is the wake-up doesn't seem be enough to re-initiate the connection.

So at this point I'm not sure if there is an Extreme or Windows configuration I can implement to cure the issue.

Not sure (need to check) if the 'Quick Period' 60 is seconds or minutes. I know the Re-authentication period is in seconds. Maybe the answer is to perhaps, say, adjust the re-auth time to be within the quiet period if both are seconds?

Not sure if anyone else has experienced the same issue?

Many thanks in advance.

0 replies

Be the first to reply!

Reply