This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

802.1x Clients No Waking After Going To Sleep

802.1x Clients No Waking After Going To Sleep

Anonymous
Not applicable

‎07-08-2019 04:07 PM

Hi,

Currently have an issue where 802.1x clients using machine certs (8021.x) keep dropping off the network?

The port is configured for 802.1x, MAC and CEP authentication.

  • 802.1x or PC's
  • MAC for phones and other devices
  • CEP for phones to assign voice VLAN should NAC's go offline
Firmware

  • EXOS = 22.6.1.4
  • XMC = 8.2.4.42
On further investigation it seems clients can re-join by bouncing the network interface. It also seems that the issue is possibly related to the end-system going to sleep, maybe for around an hour or more.

Considered using the command:

code:
configure netlogin ports 1:7 allow egress-traffic all_cast
configure netlogin ports 1:7 restart



But this no longer seems available:

code:
Slot-1 Far-B20_23-GND.2 # configure netlogin ports 1:7 allow egress-traffic all_cast
                               ^
%% Invalid number detected at '^' marker.
Slot-1 Far-B20_23-GND.3 # configure netlogin ports 1:7 ?
 allowed-users  Number of users allowed per port
 authentication Configure port authentication settings
 trap      Enable/Disable/Prohibit trap on first rule use



When looking at the netlogin parameters there is a timer for 'Quiet Period', that could be related to the issue.

code:
Slot-1 Far-B20_23-GND.1 # show netlogin port 1:7
Port             : 1:7
Authentication        : 802.1x, mac-based
Port State          : Enabled
Authentication Mode      : Optional (Policy Enabled only)
Max Supported Users      : 6144 (Policy Enabled only)
Allowed Users         : 128 (Policy Enabled only)
Current Users         : 1 (Policy Enabled only)
------------------------------------------------
    802.1x Port Configuration
------------------------------------------------
Quiet Period         : 60
Supplicant Response Timeout  : 30
Re-authentication       : On
Re-authentication period   : 3600
Max Re-authentications    : 3
RADIUS server timeout     : 30
------------------------------------------------
    MAC Mode Port Configuration
------------------------------------------------
Re-authentication period   : 3600
Re-authentication       : On
Authentication Delay     : 0 seconds (Default)
------------------------------------------------
    Netlogin Clients
------------------------------------------------

MAC        IP address    Authenticated   Type  ReAuth-Timer  User      
a0:d3:c1:15:29:8e 0.0.0.0     Yes, Radius    802.1x 2276      host/companny-1853.compannyr.co.uk
-----------------------------------------------
(B) - Client entry Blackholed in FDB



I could adjust the timer, but that doesn't really fix the issue as the problem is the wake-up doesn't seem be enough to re-initiate the connection.

So at this point I'm not sure if there is an Extreme or Windows configuration I can implement to cure the issue.

Not sure (need to check) if the 'Quick Period' 60 is seconds or minutes. I know the Re-authentication period is in seconds. Maybe the answer is to perhaps, say, adjust the re-auth time to be within the quiet period if both are seconds?

Not sure if anyone else has experienced the same issue?

Many thanks in advance.
0 Kudos
0 REPLIES 0
GTM-P2G8KFN