This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Device is displayed as rejected even though MAC auth was successful

Device is displayed as rejected even though MAC auth was successful

Go to solution
Joshua_DeltaNS
New Contributor II

‎01-05-2024 08:51 AM

Joshua_DeltaNS_1-1704473118783.png

I am currently working on deploying a NAC appliance for a customer and I am puzzled by this occurrence. We have disabled .1x authentication globally on phones for this customer, and have configured the switches to make mac auth take precedence over .1x auth; however, there are two phones that still seem to be attempting .1x authentication. The most confusing aspect of this is they maintain a rejected state when looking at end systems, but looking at the detailed authentication logs, it appears a successful mac authentication has occurred. I have attached a screen shot of the issue for clarity.

Does anyone have any insight as to why these will not move to an accepted state when looking at end systems?

 

Thank you

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Ryan_Yacobucci
Extreme Employee

‎01-07-2024 08:58 AM

I would suggest starting a case with GTAC. 

XIQ-SE should not be displaying a rejected 802.1x state if an underlying successful MAC authentication has occurred. 

Thanks
-Ryan

View solution in original post

4 REPLIES 4

Go to solution
Ryan_Yacobucci
Extreme Employee

‎01-07-2024 08:58 AM

I would suggest starting a case with GTAC. 

XIQ-SE should not be displaying a rejected 802.1x state if an underlying successful MAC authentication has occurred. 

Thanks
-Ryan

Go to solution
Stefan_K_
Valued Contributor

‎01-05-2024 08:59 AM - edited ‎01-05-2024 09:00 AM

Hi Joshua,

I can't really help you, I can just confirm that I saw this issue multiple times (but very rarely) in all kind of scenarios and version of XIQ-SE / Control. Never had the time to dig deeper into it or open a Case. Did you try to reload the distributed end-system cache? 

0 Kudos

Go to solution
Joshua_DeltaNS
New Contributor II
In response to Stefan_K_

‎01-05-2024 09:23 AM

Thanks for your reply Stefan. It is interesting to know that this is a problem for others as well. It is a very isolated incident (2 devices out of >2000), but I would still like to better understand it. 

I have not attempted reloading the distributed end system cache, but will try it later today when the customer is not in production hours. I appreciate the suggestion.

Go to solution
Stefan_K_
Valued Contributor
In response to Joshua_DeltaNS

‎01-10-2024 02:01 PM

Hi @Joshua_DeltaNS ,

did you already raise a case as suggested by @Ryan_Yacobucci 

I have it the other way round for one client at the moment: It's displayed as accepted in the End-System list, all information are up to date and look good. Last seen 10/01/2024 22:51, looks like correct 802.1x (EAP-TLS) auth, shows a username, client IP etc.

When I take a look at the End-System Events I see that the client has been rejected since yesterday. 

The important thing: On the switch the client is getting rejected, so the End-System Events are correct and the "main" entry in the End-System table is faulty.

Unfortunately I'm only able to raise a case on friday. Hope that problem is still present then. Or I have to find another affected client...

 

Best regards
Stefan

0 Kudos
GTM-P2G8KFN