Header Only - DO NOT REMOVE - Extreme Networks

I/G/C/B/A-Series f/w 6.61.10.0008 can issue Maclock Trap upon 802.1x Authentication Failure


Userlevel 3
Article ID: 16047

Products
I-Series; firmware 6.61.05.0009 through 6.61.10.0008
G-Series; firmware 6.61.05.0009 through 6.61.10.0008
C5-Series; firmware 6.61.05.0009 through 6.61.10.0008, 6.71.01.6.71.01.0067 through 6.71.03.0025
C3-Series; firmware 6.61.05.0009 through 6.61.10.0008
B5-Series; firmware 6.61.05.0009 through 6.61.10.0008, 6.71.01.6.71.01.0067 through 6.71.03.0025
B3-Series; firmware 6.61.05.0009 through 6.61.10.0008
A4-Series; firmware 6.61.05.0009 through 6.61.10.0008, 6.71.01.6.71.01.0067 through 6.71.03.0025

Changes
Enabled 802.1x Authentication ('
code:

set dot1x...

', '
code:

set eapol...

', '
code:

set radius...

')
Enabled MAC Locking ('
code:

set maclock...

').
Configured for traps ('
code:

set snmp...

).

Symptoms
When 802.1x Authentication fails, a maclock trap (type "
code:

etsysMACLockingMACViolation

") is issued, reporting an all-zero violating MAC address ("
code:

etsysMACLockingLastViolationAddress.68 = 0:0:0:0:0:0

").

Solution
Upgrade to 6.61 firmware 6.61.11.0006 or higher.
Release notes state, in the '
code:

Changes and Enhancements in 6.61.11.0006

' section:
code:

18761

code:

Corrected an issue where etsysMACLockingMACViolation traps could erroneously be generated.



Optionally for the C5, B5, or A4-Series; upgrade to firmware 6.71.04.0004 or higher.
Release notes state, in the '
code:

Changes and Enhancements in 6.71.04.0004

' section:
code:

18761

code:

Corrected an issue where etsysMACLockingMACViolation traps could erroneously be generated

0 replies

Be the first to reply!

Reply