Extreme Networks

JohanHendrikx · ‎09-11-2019

I’am configuring NAC on our switches and have created 802.1x rules for our AD PC’s and users.

We are testing this with 3 pc’s. The management access to the switch is based on AD (LDAP).

The ports of the switch are configured for 802.1.x and MAC authentication.

Now we experience that two pc’s lost the connection with the network. At that time I could not log in to the switch. 100% sure that I used the correct credintials.

In the end system events I noticed that the profile was changed form AD-user profile to the denny access profile.

After a while I can log in the switch an the pc got the access to the network back.

How can I troubleshoot this.

Switch: X440G2-48p-10G4 firmware version 22.4.1.4

Johan Hendrik System Architect Audax

JohanHendrikx · ‎09-23-2019

@Ryan Yacobucci After losing the connection, the evaluation tool showed me that the correct rule was hit but in the logging I saw that the connection was denied.

Johan Hendrik System Architect Audax

JohanHendrikx · ‎09-12-2019

I will check my end system events

Johan Hendrik System Architect Audax

Ryan_Yacobucci · ‎09-11-2019

I would check to see what the result of the attempted login using 802.1x authentication was. Even if the port is in a deny all role I believe we still allow EAP to pass through. This wasn't always the case.

Was the 802.1x authentication rejected due to an issue that later cleared that allowed you to login?

The end system events should show 802.1x authentication attempts and what their result was.

Thanks
-Ryan

Ronald_Dvorak · ‎09-11-2019

I'd use the evaluation tool to see why the 2xPCs skipped the AD-user rule.

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-use-configuration-evaluation-tool-w...

Extreme Networks

PC lost connection with network. using 802.1x authentication

PC lost connection with network. using 802.1x authentication