5420F and macmon


FranzR
New Contributor
Dear community,

We have one problem with our new switches from Extreme and macmon NAC. All of the new switches don't show the correct 802.1X status in macmon. They show "unauthorized" although they are authorized. It seems as if the 802.1X MAC bypass isn't correct. The 802.1X RADIUS looks good.

Any idea? Any experiences with this topic?

Thanks and kind regards

Franz
15 REPLIES

StefanW
New Contributor
Hi,

After going through the MIB file for several hours I think I found the right OIDs to do what we need. I have not tested it through. Maybe someone can tell me if I am on the right track 🙂 I have just imported the MIB file (for our environment it was for EXOS version 31.5.1.6) into a MIB file explorer and gone through every OID.

With this table you can read out on which ports MAC-based authentication is enabled. You can also make changes regarding MAC-based authentication on a specific port.
etsysMACAuthenticationPortConfigTable
1.3.6.1.4.1.5624.1.2.25.1.2.1

Example:
Port 1 MAC-based auth off/on
etsysMACAuthenticationPortEnable
1.3.6.1.4.1.5624.1.2.25.1.2.1.1.4.1001 = 2 (disabled), 1 (enabled)

Reauthenticate devices on port 1 -> a read always returns 2 (false)
etsysMACAuthenticationPortInitialize
1.3.6.1.4.1.5624.1.2.25.1.2.1.1.2.1001 = 1 (true), 2 (false)

This OID reads out the currently MAC-based authenticated devices and lists them with the index number of the port:
etsysMACAuthenticationMACConfigTable
1.3.6.1.4.1.5624.1.2.25.1.3.1

To read out the authentication state of a specific port you can use this table:
etsysMultiAuthSessionPortTable
1.3.6.1.4.1.5624.1.2.46.1.4.2

In this table you can find a list of index numbers (ports) and whether a device is authenticated or not on each port. You can also see which authentication method works or not. For example, dot1x fails but MAC-based authentication was successful.
The possible authentication states are:
authSuccess(1), authFailed(2), authInProgress(3), authServerTimeout(4), authTerminated(5)

The status of authentication for this session. A value of authSuccess(1) means authentication was attempted and succeeded. A value of authFailed(2) means authentication was attempted and failed for a reason other than communication timing out with the authorization server. A value of authInProgress(3) means that the authorization process has been started but has not completed yet. A value of authServerTimeout(4) means that the request to the authorization server for this session timed out without a reply from the server. A value of authTerminated(5) indicates that the session was active or in progress and was subsequently terminated. A session may be terminated for several reasons, including but not limited to, session timeout, idle timeout, the ifOperStatus of the interface on which the session was authenticated transitioning out of the up(1) state, or explicit administrative management action.

Best regards
Stefan
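
Added example, not part of StefanW's post and not Extreme or macmon code: a Python parser for numeric `snmpwalk -On` output of the two port columns quoted above, plus the net-snmp `snmpset` argument lists for the off/on toggle. The OIDs are used as posted (the post says they are untested); the sample walk, host address and community string are constructed placeholders.

```python
import re

# OID of the port-config table entry, as posted in the thread (untested there).
PORT_ENTRY = "1.3.6.1.4.1.5624.1.2.25.1.2.1.1"
COLUMNS = {2: "initialize", 4: "enable"}   # column numbers from the post
ENABLE = {1: "enabled", 2: "disabled"}     # value meanings from the post

# One line of `snmpwalk -On` output with an INTEGER value.
LINE = re.compile(r"^\.?(?P<oid>\d+(?:\.\d+)+)\s*=\s*INTEGER:\s*(?P<val>-?\d+)$")

# Constructed sample output (not captured from a real switch).
SAMPLE_WALK = """\
.1.3.6.1.4.1.5624.1.2.25.1.2.1.1.2.1001 = INTEGER: 2
.1.3.6.1.4.1.5624.1.2.25.1.2.1.1.4.1001 = INTEGER: 1
.1.3.6.1.4.1.5624.1.2.25.1.2.1.1.2.1002 = INTEGER: 2
.1.3.6.1.4.1.5624.1.2.25.1.2.1.1.4.1002 = INTEGER: 2
.1.3.6.1.2.1.2.2.1.8.1001 = INTEGER: 1
"""

def parse_port_config(walk_text):
    """Return {ifIndex: {"enable": "enabled"/"disabled", "initialize": int}}."""
    ports = {}
    prefix = PORT_ENTRY + "."
    for raw in walk_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or not m["oid"].startswith(prefix):
            continue                      # other table or unparsable line
        rest = m["oid"][len(prefix):].split(".")
        if len(rest) != 2 or int(rest[0]) not in COLUMNS:
            continue                      # column this example does not decode
        name, if_index, val = COLUMNS[int(rest[0])], int(rest[1]), int(m["val"])
        if name == "enable":
            val = ENABLE.get(val, f"unknown({val})")
        ports.setdefault(if_index, {})[name] = val
    return ports

def mac_auth_disabled(ports):
    """ifIndex values whose MAC-based authentication is reported disabled."""
    return sorted(i for i, p in ports.items() if p.get("enable") == "disabled")

def toggle_commands(host, if_index, community="COMMUNITY_PLACEHOLDER"):
    """net-snmp snmpset argument lists: disable (2), then enable (1)."""
    oid = f"{PORT_ENTRY}.4.{if_index}"
    base = ["snmpset", "-v2c", "-c", community, host, oid, "i"]
    return [base + ["2"], base + ["1"]]

if __name__ == "__main__":
    print(parse_port_config(SAMPLE_WALK))
    print(toggle_commands("192.0.2.10", 1001))
```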

StefanW
New Contributor
Hi,

We have downloaded the MIB file for our EXOS version. I can't find the right OID to read out whether a device on a port is authenticated by dot1x or MAC.
On the switch I can see that information with this command. Does anyone know if there is an OID which reads out that information?
[Image: 29eb17579a844b1c834cf2d1f2cce98c.png]
We also need an OID to toggle MAC-based authentication. On the EXOS switch the commands would be:
disable netlogin port X mac
enable netlogin port X mac

Best regards
Stefan

FranzR
New Contributor
Thanks for the reply.

Maybe it's just a problem with our way of working 😉

There are two problems with this.
First, every morning I scan our devices to see if there are any devices like cameras, access control, etc. that aren't online.

The second issue is that sometimes when a device like this isn't online, the problem is authentication. Then it works if I toggle authentication off and on.

Stefan_K_
Valued Contributor
Sorry, I'm still wondering what exactly the problem is. Is it only about the auth status in macmon or is there anything else regarding the authentication that is not working?