Hi Hub Community,
We’re using the Extreme Control Policy (NAC) in one of our customers in the health care system to implement some security checks, regarding the devices that can connect to our network. In resume, in our EXOS stacks we have all the ports with the DATA vlan (untag) and VoIP vlan (tag) and we use 802.1X (dot1x - NAC and Microsoft AD) to authenticate our users. On the other hand, we have some NAC policies for special cases, like the printers and the medical devices. When this kind of devices is connected to one of the EXOS stacks, the NAC Engine dynamically assigns the proper vlan (we have a vlan for printers and a vlan for medical devices) on the switch port, using MAC authentication, not 802.1X. In most cases, this is working just fine. However, for some printers we’re facing a stange issue. Basically, from time to time, a printer just stops to communicate. I’m sharing the logs of the port where a printer with this symptom is connected.
As you can see, we can observe some 802.1X auth being rejected. The funny thing, is that the printer (Zebra G series) does not support 802.1X. So, how can I see these kind of logs? To workaround the issue, we need to reboot the printer and delete the DHCP lease that the printer acquires during the process of authentication on the DATA static vlan. Eventually, after 2 or 3 retries, the printer starts working on the proper vlan for quite some time.
So anyone can help?
Regards,
César Santos
