Header Only - DO NOT REMOVE - Extreme Networks

I/G/C/B/A-Series f/w 6.61.09.0012 802.x Authentication can trigger other Users to Authenticate


Userlevel 3
Article ID: 16051

Products
I-Series; firmware 6.61.07.0010 through 6.61.09.0012
G-Series; firmware 6.61.07.0010 through 6.61.09.0012
C5-Series; firmware 6.61.07.0010 through 6.61.09.0012, 6.71.01.0067 through 6.71.02.0008
C3-Series; firmware 6.61.07.0010 through 6.61.09.0012
B5-Series; firmware 6.61.07.0010 through 6.61.09.0012, 6.71.01.0067 through 6.71.02.0008
B3-Series; firmware 6.61.07.0010 through 6.61.09.0012
A4-Series; firmware 6.61.07.0010 through 6.61.09.0012, 6.71.01.0067 through 6.71.02.0008

Changes
Configured for 802.1x Authentication ('
code:
set eapol...
', '
code:
set dot1x...
') and Policy ('
code:
set policy...
').

Symptoms
When a user is 802.1x-authenticated with application of a dynamic policy, and that policy profile is configured to assign the port's PVID VLAN ('
code:
pvid-status enable pvid 4095
'); some EAP packets (destination MAC
code:
01:80:C2:00:00:03
) are flooded/leaked out all ports.
Receipt of those EAP packets triggers some 802.1x supplicants to also authenticate - resulting in a cascading effect.

Solution
Upgrade to 6.61 firmware 6.61.10.0008 or higher.
For the C5/B5/A4-Series, also fixed in firmware 6.71.03.0025 and higher.

See also: 5532.

0 replies

Be the first to reply!

Reply