Header Only - DO NOT REMOVE - Extreme Networks

802.1x Clients No Waking After Going To Sleep

  • 8 July 2019
  • 0 replies

Userlevel 5

Currently have an issue where 802.1x clients using machine certs (8021.x) keep dropping off the network?

The port is configured for 802.1x, MAC and CEP authentication.

  • 802.1x or PC's
  • MAC for phones and other devices
  • CEP for phones to assign voice VLAN should NAC's go offline

  • EXOS =
  • XMC =
On further investigation it seems clients can re-join by bouncing the network interface. It also seems that the issue is possibly related to the end-system going to sleep, maybe for around an hour or more.

Considered using the command:

configure netlogin ports 1:7 allow egress-traffic all_cast
configure netlogin ports 1:7 restart

But this no longer seems available:

Slot-1 Far-B20_23-GND.2 # configure netlogin ports 1:7 allow egress-traffic all_cast
%% Invalid number detected at '^' marker.
Slot-1 Far-B20_23-GND.3 # configure netlogin ports 1:7 ?
allowed-users Number of users allowed per port
authentication Configure port authentication settings
trap Enable/Disable/Prohibit trap on first rule use

When looking at the netlogin parameters there is a timer for 'Quiet Period', that could be related to the issue.

Slot-1 Far-B20_23-GND.1 # show netlogin port 1:7
Port : 1:7
Authentication : 802.1x, mac-based
Port State : Enabled
Authentication Mode : Optional (Policy Enabled only)
Max Supported Users : 6144 (Policy Enabled only)
Allowed Users : 128 (Policy Enabled only)
Current Users : 1 (Policy Enabled only)
802.1x Port Configuration
Quiet Period : 60
Supplicant Response Timeout : 30
Re-authentication : On
Re-authentication period : 3600
Max Re-authentications : 3
RADIUS server timeout : 30
MAC Mode Port Configuration
Re-authentication period : 3600
Re-authentication : On
Authentication Delay : 0 seconds (Default)
Netlogin Clients

MAC IP address Authenticated Type ReAuth-Timer User
a0:d3:c1:15:29:8e Yes, Radius 802.1x 2276 host/companny-1853.compannyr.co.uk
(B) - Client entry Blackholed in FDB

I could adjust the timer, but that doesn't really fix the issue as the problem is the wake-up doesn't seem be enough to re-initiate the connection.

So at this point I'm not sure if there is an Extreme or Windows configuration I can implement to cure the issue.

Not sure (need to check) if the 'Quick Period' 60 is seconds or minutes. I know the Re-authentication period is in seconds. Maybe the answer is to perhaps, say, adjust the re-auth time to be within the quiet period if both are seconds?

Not sure if anyone else has experienced the same issue?

Many thanks in advance.

0 replies

Be the first to reply!