This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

PC lost connection with network. using 802.1x authentication

PC lost connection with network. using 802.1x authentication

JohanHendrikx
Contributor II

ā€Ž09-11-2019 12:19 PM

Iā€™am configuring NAC on our switches and have created 802.1x rules for our AD PCā€™s and users.

We are testing this with 3 pcā€™s. The management access to the switch is based on AD (LDAP).

The ports of the switch are configured for 802.1.x and MAC authentication.

Now we experience that two pcā€™s lost the connection with the network. At that time I could not log in to the switch. 100% sure that I used the correct credintials.

In the end system events I noticed that the profile was changed form AD-user profile to the denny access profile.

After a while I can log in the switch an the pc got the access to the network back.

How can I troubleshoot this.

Switch: X440G2-48p-10G4 firmware version 22.4.1.4
Johan Hendrik System Architect Audax
0 Kudos
8 REPLIES 8

JohanHendrikx
Contributor II

ā€Ž09-30-2019 07:53 AM

@Ryan Yacobucci : Had a reaction form GTAC. There is a bug in 22.4.1.4 and is fixed from 22.5( CR xos0070452 )
Johan Hendrik System Architect Audax
0 Kudos

JohanHendrikx
Contributor II

ā€Ž09-25-2019 06:11 AM

Diagnostics and test the LDAP are oke. No time outs. did the test a few time during the day
Johan Hendrik System Architect Audax
0 Kudos

Ryan_Yacobucci
Extreme Employee

ā€Ž09-23-2019 07:40 PM

Well that does look a little funny.

The rule looks pretty straight forward, only an LDAP criteria.

Right click the NAC --> WebView --> diagnostics --> communication Diagnostics and test the LDAP. Are there LDAP issues occurring like timeouts?

The other thing you can do is in the webview --> diagnostics --> End System Diagnostics enable by MAC for your test device and have it fall through the rule. Attach the end system events and the /var/log/tag.log to a case with GTAC and we can take a look to see why it's falling though.

I would suspect LDAP communication issues based on what you've provided.

Thanks
-Ryan
0 Kudos

JohanHendrikx
Contributor II

ā€Ž09-23-2019 08:10 AM

forgot to add the Screenshot of the evaluation tool and device event.


67d9ead423c5435ab62838a0dbde953b_cf20d4b9-a465-414c-a51e-edeccf4713a1.jpg

67d9ead423c5435ab62838a0dbde953b_2df48dd4-7776-4752-bd40-22f037ca1bce.jpg

Johan Hendrik System Architect Audax
0 Kudos
GTM-P2G8KFN