https://community.extremenetworks.com/t5/faqs/i-g-c-b-a-series-f-w-6-61-09-0012-802-x-authentication-can/m-p/48743#M546 Article ID: 16051 <BR /> <BR /> <B>Products</B><BR /> I-Series; firmware 6.61.07.0010 through 6.61.09.0012<BR /> G-Series; firmware 6.61.07.0010 through 6.61.09.0012<BR /> C5-Series; firmware 6.61.07.0010 through 6.61.09.0012, 6.71.01.0067 through 6.71.02.0008<BR /> C3-Series; firmware 6.61.07.0010 through 6.61.09.0012<BR /> B5-Series; firmware 6.61.07.0010 through 6.61.09.0012, 6.71.01.0067 through 6.71.02.0008<BR /> B3-Series; firmware 6.61.07.0010 through 6.61.09.0012<BR /> A4-Series; firmware 6.61.07.0010 through 6.61.09.0012, 6.71.01.0067 through 6.71.02.0008 <BR /> <BR /> <B>Changes</B><BR /> Configured for 802.1x Authentication ('<DIV class="threadCode"><B>code:</B><PRE spellcheck="false">set eapol...</PRE></DIV>', '<DIV class="threadCode"><B>code:</B><PRE spellcheck="false">set dot1x...</PRE></DIV>') and Policy ('<DIV class="threadCode"><B>code:</B><PRE spellcheck="false">set policy...</PRE></DIV>'). <BR /> <BR /> <B>Symptoms</B><BR /> When a user is 802.1x-authenticated with application of a dynamic policy, and that policy profile is configured to assign the port's PVID VLAN ('<DIV class="threadCode"><B>code:</B><PRE spellcheck="false">pvid-status enable pvid 4095</PRE></DIV>'); some EAP packets (destination MAC <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">01:80:C2:00:00:03</PRE></DIV>) are flooded/leaked out all ports.<BR /> Receipt of those EAP packets triggers some 802.1x supplicants to also authenticate - resulting in a cascading effect. <BR /> <BR /> <B>Solution</B><BR /> Upgrade to 6.61 firmware 6.61.10.0008 or higher.<BR /> For the C5/B5/A4-Series, also fixed in firmware 6.71.03.0025 and higher. <BR /> <BR /> See also: <A href="http://bit.ly/19LXsqz" target="_blank" rel="nofollow noreferrer noopener">5532</A>. Mon, 23 Dec 2013 19:02:00 GMT FAQ_User 2013-12-23T19:02:00Z https://community.extremenetworks.com/t5/faqs/i-g-c-b-a-series-f-w-6-61-09-0012-802-x-authentication-can/m-p/48743#M546 Article ID: 16051 <BR /> <BR /> <B>Products</B><BR /> I-Series; firmware 6.61.07.0010 through 6.61.09.0012<BR /> G-Series; firmware 6.61.07.0010 through 6.61.09.0012<BR /> C5-Series; firmware 6.61.07.0010 through 6.61.09.0012, 6.71.01.0067 through 6.71.02.0008<BR /> C3-Series; firmware 6.61.07.0010 through 6.61.09.0012<BR /> B5-Series; firmware 6.61.07.0010 through 6.61.09.0012, 6.71.01.0067 through 6.71.02.0008<BR /> B3-Series; firmware 6.61.07.0010 through 6.61.09.0012<BR /> A4-Series; firmware 6.61.07.0010 through 6.61.09.0012, 6.71.01.0067 through 6.71.02.0008 <BR /> <BR /> <B>Changes</B><BR /> Configured for 802.1x Authentication ('<DIV class="threadCode"><B>code:</B><PRE spellcheck="false">set eapol...</PRE></DIV>', '<DIV class="threadCode"><B>code:</B><PRE spellcheck="false">set dot1x...</PRE></DIV>') and Policy ('<DIV class="threadCode"><B>code:</B><PRE spellcheck="false">set policy...</PRE></DIV>'). <BR /> <BR /> <B>Symptoms</B><BR /> When a user is 802.1x-authenticated with application of a dynamic policy, and that policy profile is configured to assign the port's PVID VLAN ('<DIV class="threadCode"><B>code:</B><PRE spellcheck="false">pvid-status enable pvid 4095</PRE></DIV>'); some EAP packets (destination MAC <DIV class="threadCode"><B>code:</B><PRE spellcheck="false">01:80:C2:00:00:03</PRE></DIV>) are flooded/leaked out all ports.<BR /> Receipt of those EAP packets triggers some 802.1x supplicants to also authenticate - resulting in a cascading effect. <BR /> <BR /> <B>Solution</B><BR /> Upgrade to 6.61 firmware 6.61.10.0008 or higher.<BR /> For the C5/B5/A4-Series, also fixed in firmware 6.71.03.0025 and higher. <BR /> <BR /> See also: <A href="http://bit.ly/19LXsqz" target="_blank" rel="nofollow noreferrer noopener">5532</A>. Mon, 23 Dec 2013 19:02:00 GMT https://community.extremenetworks.com/t5/faqs/i-g-c-b-a-series-f-w-6-61-09-0012-802-x-authentication-can/m-p/48743#M546 FAQ_User 2013-12-23T19:02:00Z