https://community.extremenetworks.com/t5/extremeswitching-exos-switch/802-1x-clients-no-waking-after-going-to-sleep/m-p/73298#M19079 Hi,<BR /> <BR /> Currently have an issue where 802.1x clients using machine certs (8021.x) keep dropping off the network?<BR /> <BR /> The port is configured for 802.1x, MAC and CEP authentication. <BR /> <BR /> <UL> <LI>802.1x or PC's </LI><LI>MAC for phones and other devices </LI><LI>CEP for phones to assign voice VLAN should NAC's go offline </LI></UL> Firmware<BR /> <BR /> <UL> <LI>EXOS = 22.6.1.4 </LI><LI>XMC = 8.2.4.42 </LI></UL> On further investigation it seems clients can re-join by bouncing the network interface. It also seems that the issue is possibly related to the end-system going to sleep, maybe for around an hour or more.<BR /> <BR /> Considered using the command:<BR /> <BR /> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">configure netlogin ports 1:7 allow egress-traffic all_cast<BR />configure netlogin ports 1:7 restart<BR /></PRE></DIV><BR /> <BR /> <BR /> But this no longer seems available:<BR /> <BR /> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">Slot-1 Far-B20_23-GND.2 # configure netlogin ports 1:7 allow egress-traffic all_cast<BR /> ^<BR />%% Invalid number detected at '^' marker.<BR />Slot-1 Far-B20_23-GND.3 # configure netlogin ports 1:7 ?<BR /> allowed-users Number of users allowed per port<BR /> authentication Configure port authentication settings<BR /> trap Enable/Disable/Prohibit trap on first rule use<BR /></PRE></DIV><BR /> <BR /> <BR /> When looking at the netlogin parameters there is a timer for 'Quiet Period', that could be related to the issue.<BR /> <BR /> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">Slot-1 Far-B20_23-GND.1 # show netlogin port 1:7<BR />Port : 1:7<BR />Authentication : 802.1x, mac-based<BR />Port State : Enabled<BR />Authentication Mode : Optional (Policy Enabled only)<BR />Max Supported Users : 6144 (Policy Enabled only)<BR />Allowed Users : 128 (Policy Enabled only)<BR />Current Users : 1 (Policy Enabled only)<BR />------------------------------------------------<BR /> 802.1x Port Configuration<BR />------------------------------------------------<BR />Quiet Period : 60<BR />Supplicant Response Timeout : 30<BR />Re-authentication : On<BR />Re-authentication period : 3600<BR />Max Re-authentications : 3<BR />RADIUS server timeout : 30<BR />------------------------------------------------<BR /> MAC Mode Port Configuration<BR />------------------------------------------------<BR />Re-authentication period : 3600<BR />Re-authentication : On<BR />Authentication Delay : 0 seconds (Default)<BR />------------------------------------------------<BR /> Netlogin Clients<BR />------------------------------------------------<BR /><BR />MAC IP address Authenticated Type ReAuth-Timer User <BR />a0:d3:c1:15:29:8e 0.0.0.0 Yes, Radius 802.1x 2276 host/companny-1853.compannyr.co.uk<BR />-----------------------------------------------<BR />(B) - Client entry Blackholed in FDB<BR /></PRE></DIV><BR /> <BR /> <BR /> I could adjust the timer, but that doesn't really fix the issue as the problem is the wake-up doesn't seem be enough to re-initiate the connection.<BR /> <BR /> So at this point I'm not sure if there is an Extreme or Windows configuration I can implement to cure the issue.<BR /> <BR /> Not sure (need to check) if the 'Quick Period' 60 is seconds or minutes. I know the Re-authentication period is in seconds. Maybe the answer is to perhaps, say, adjust the re-auth time to be within the quiet period if both are seconds?<BR /> <BR /> Not sure if anyone else has experienced the same issue?<BR /> <BR /> Many thanks in advance. Mon, 08 Jul 2019 23:07:11 GMT Anonymous 2019-07-08T23:07:11Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/802-1x-clients-no-waking-after-going-to-sleep/m-p/73298#M19079 Hi,<BR /> <BR /> Currently have an issue where 802.1x clients using machine certs (8021.x) keep dropping off the network?<BR /> <BR /> The port is configured for 802.1x, MAC and CEP authentication. <BR /> <BR /> <UL> <LI>802.1x or PC's </LI><LI>MAC for phones and other devices </LI><LI>CEP for phones to assign voice VLAN should NAC's go offline </LI></UL> Firmware<BR /> <BR /> <UL> <LI>EXOS = 22.6.1.4 </LI><LI>XMC = 8.2.4.42 </LI></UL> On further investigation it seems clients can re-join by bouncing the network interface. It also seems that the issue is possibly related to the end-system going to sleep, maybe for around an hour or more.<BR /> <BR /> Considered using the command:<BR /> <BR /> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">configure netlogin ports 1:7 allow egress-traffic all_cast<BR />configure netlogin ports 1:7 restart<BR /></PRE></DIV><BR /> <BR /> <BR /> But this no longer seems available:<BR /> <BR /> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">Slot-1 Far-B20_23-GND.2 # configure netlogin ports 1:7 allow egress-traffic all_cast<BR /> ^<BR />%% Invalid number detected at '^' marker.<BR />Slot-1 Far-B20_23-GND.3 # configure netlogin ports 1:7 ?<BR /> allowed-users Number of users allowed per port<BR /> authentication Configure port authentication settings<BR /> trap Enable/Disable/Prohibit trap on first rule use<BR /></PRE></DIV><BR /> <BR /> <BR /> When looking at the netlogin parameters there is a timer for 'Quiet Period', that could be related to the issue.<BR /> <BR /> <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">Slot-1 Far-B20_23-GND.1 # show netlogin port 1:7<BR />Port : 1:7<BR />Authentication : 802.1x, mac-based<BR />Port State : Enabled<BR />Authentication Mode : Optional (Policy Enabled only)<BR />Max Supported Users : 6144 (Policy Enabled only)<BR />Allowed Users : 128 (Policy Enabled only)<BR />Current Users : 1 (Policy Enabled only)<BR />------------------------------------------------<BR /> 802.1x Port Configuration<BR />------------------------------------------------<BR />Quiet Period : 60<BR />Supplicant Response Timeout : 30<BR />Re-authentication : On<BR />Re-authentication period : 3600<BR />Max Re-authentications : 3<BR />RADIUS server timeout : 30<BR />------------------------------------------------<BR /> MAC Mode Port Configuration<BR />------------------------------------------------<BR />Re-authentication period : 3600<BR />Re-authentication : On<BR />Authentication Delay : 0 seconds (Default)<BR />------------------------------------------------<BR /> Netlogin Clients<BR />------------------------------------------------<BR /><BR />MAC IP address Authenticated Type ReAuth-Timer User <BR />a0:d3:c1:15:29:8e 0.0.0.0 Yes, Radius 802.1x 2276 host/companny-1853.compannyr.co.uk<BR />-----------------------------------------------<BR />(B) - Client entry Blackholed in FDB<BR /></PRE></DIV><BR /> <BR /> <BR /> I could adjust the timer, but that doesn't really fix the issue as the problem is the wake-up doesn't seem be enough to re-initiate the connection.<BR /> <BR /> So at this point I'm not sure if there is an Extreme or Windows configuration I can implement to cure the issue.<BR /> <BR /> Not sure (need to check) if the 'Quick Period' 60 is seconds or minutes. I know the Re-authentication period is in seconds. Maybe the answer is to perhaps, say, adjust the re-auth time to be within the quiet period if both are seconds?<BR /> <BR /> Not sure if anyone else has experienced the same issue?<BR /> <BR /> Many thanks in advance. Mon, 08 Jul 2019 23:07:11 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/802-1x-clients-no-waking-after-going-to-sleep/m-p/73298#M19079 Anonymous 2019-07-08T23:07:11Z