Extreme Networks

FranzR · ‎08-01-2022

Dear community,

we have one problem with our new Switches from Extreme an macmon nac. All of the new Switches doesn't show the correct 802.1X Status in macmon. They show "unauthorized" although they are authorized. It seems as if the 802.1X MAC Bypass isn't correct. The 802.1X radius looks good.

Any idea? Any experiences with this topic?

Thanks an kind regards

Franz

Stefan_K_ · ‎08-02-2022

The second client shows "Auth status: failed" for 802.1x, so there is something wrong with the 802.1x config. It depends on the end-system what happens in such a case... Some end-systems will stop doing 802.1x Auth and fallback to mac-auth, but others won't function, depending on the configuration. (afaik)
On windows this is called "Fallback to unautorized network access" I believe.

FranzR · ‎08-02-2022

Which part of Switch configuration do you need and how can i share this?

"show netlogin session port x" files are attached. The second one is from a printer, but the bahaviour is the same.

Stefan_K_ · ‎08-02-2022

Care to share your switch config (the relevant parts)? And also share a "show netlogin session port x", preferably of a port where a user is connect and of a port where a camera is connected.

Best regards

Stefan

FranzR · ‎08-02-2022

Hi and Thank you for the response,

yes, we use macmon as radius server. I don't know how macmon determine the port status.

MAC bypass, i mean that there are devices without username, password and / or certifikate. This devices will explicit released with them mac-address. This devices are for e.g. accesspoints or cams. We use macmon to monitor this devices and react before there are problems. A User call us because the client have no connection. A camera doesn't this.

Stefan_K_ · ‎08-02-2022

Hi,
what do you mean with "802.1x MAC bypass"?

Just to make sure: Everything is working fine, clients are working and are authorized, but in Macmon you see that they are unauthorized?

Extreme Networks

5420F and macmon

5420F and macmon