cancel
Showing results for 
Search instead for 
Did you mean: 

5420F and macmon

5420F and macmon

FranzR
New Contributor
Dear community,

we have one problem with our new Switches from Extreme an macmon nac. All of the new Switches doesn't show the correct 802.1X Status in macmon. They show "unauthorized" although they are authorized. It seems as if the 802.1X MAC Bypass isn't correct. The 802.1X radius looks good.

Any idea? Any experiences with this topic?

Thanks an kind regards

Franz
15 REPLIES 15

Stefan_K_
Valued Contributor
The second client shows "Auth status: failed" for 802.1x, so there is something wrong with the 802.1x config. It depends on the end-system what happens in such a case... Some end-systems will stop doing 802.1x Auth and fallback to mac-auth, but others won't function, depending on the configuration. (afaik)
On windows this is called "Fallback to unautorized network access" I believe.

FranzR
New Contributor
Which part of Switch configuration do you need and how can i share this?

"show netlogin session port x" files are attached. The second one is from a printer, but the bahaviour is the same.

Stefan_K_
Valued Contributor

Care to share your switch config (the relevant parts)? And also share a "show netlogin session port x", preferably of a port where a user is connect and of a port where a camera is connected.

Best regards

Stefan

FranzR
New Contributor
Hi and Thank you for the response,

yes, we use macmon as radius server. I don't know how macmon determine the port status.

MAC bypass, i mean that there are devices without username, password and / or certifikate. This devices will explicit released with them mac-address. This devices are for e.g. accesspoints or cams. We use macmon to monitor this devices and react before there are problems. A User call us because the client have no connection. A camera doesn't this. 

Stefan_K_
Valued Contributor
Hi,
what do you mean with "802.1x MAC bypass"?

Just to make sure: Everything is working fine, clients are working and are authorized, but in Macmon you see that they are unauthorized?
GTM-P2G8KFN