Hi,
Believe this was working at some point but can't work out where the issue is, but in summary when an end-system is connected to a MAC auth enabled port (22 in this case) it's not triggering the RADIUS exchange. This is showing up in the RADIUS counters on the switch remaining 0, and a TCPDUMP on the RADIUS server (NAC) is showing nothing hitting it.
Everything seems to be enabled and configured correctly from what I can tell, no messages are showing in the switch logs, and the switch has been rebooted.
Here is the config:
AAA Configuration:
configure radius netlogin 1 server 10.23.23.142 1812 client-ip 10.255.5.13 vr VR-Default
configure radius 1 shared-secret encrypted "#$IUJ6KZp7XE/QtheSL51gMgVphQvqTQtWtlcSTGc2"
configure radius netlogin 2 server 10.23.23.12 1812 client-ip 10.255.5.13 vr VR-Default
configure radius 2 shared-secret encrypted "#$6ruCKApEePMNVH5CaJp4MwIyg7tNkJpaqKVmet19"
configure radius-accounting netlogin 1 server 10.23.23.142 1813 client-ip 10.255.5.13 vr VR-Default
configure radius-accounting 1 shared-secret encrypted "#$9+bcdiIS9MEBn1zwdRrI+ROwhz0eYfhA6/dJq9ym"
configure radius-accounting 1 timeout 10
configure radius-accounting netlogin 2 server 10.23.23.12 1813 client-ip 10.255.5.13 vr VR-Default
configure radius-accounting 2 shared-secret encrypted "#$p0z1KNo1/B+DgUPPirDnar+R7NScnzCxeonbJIkH"
configure radius-accounting 2 timeout 10
enable radius
disable radius mgmt-access
enable radius netlogin
configure radius timeout 15
enable radius-accounting
disable radius-accounting mgmt-access
enable radius-accounting netlogin
configure account all password-policy min-length 8
configure account all password-policy lockout-on-login-failures on
configure account all password-policy lockout-time-period 5 minutes
Netlogin Configuration:
configure netlogin vlan nt_login
enable netlogin mac
configure netlogin mac authentication database-order radius
configure netlogin add mac-list ff:ff:ff:ff:ff:ff 48
enable netlogin ports 20-22 mac
configure netlogin ports 20 mode port-based-vlans
configure netlogin ports 20 no-restart
configure netlogin ports 21 mode port-based-vlans
configure netlogin ports 21 no-restart
configure netlogin ports 22 mode port-based-vlans
configure netlogin ports 22 no-restart
configure netlogin authentication failure vlan Default ports 20-22
configure netlogin authentication service-unavailable vlan Default ports 20-22
Show Radius:
Radius Default State: enabled
Radius Default Timeout: 15 seconds
Radius Algorithm: standard
Radius Retries: 3
Switch Management Radius: disabled
Switch Management Radius server connect time out: 15 seconds *
Switch Management Radius Accounting: disabled
Switch Management Radius Accounting server connect time out: 3 seconds
Netlogin Radius: enabled
Netlogin Radius server connect time out: 15 seconds *
Netlogin Radius Accounting: enabled
Netlogin Radius Accounting server connect time out: 3 seconds
Radius server : 1 Status is Active
host name :
IP address : 10.23.23.142
Server IP Port: 1812
Client address: 10.255.5.13 (VR-Default)
Retries : 3 *
Timeout : 15 *
Realm : Netlogin
shared secret : #$IUJ6KZp7XE/QtheSL51gMgVphQvqTQtWtlcSTGc2
Access Requests : 0 Access Accepts : 0
Access Rejects : 0 Access Challenges : 0
Access Retransmits: 0 Client timeouts : 0
Bad authenticators: 0 Unknown types : 0
Round Trip Time : 0
Radius server : 2 Status is Active
host name :
IP address : 10.23.23.12
Server IP Port: 1812
Client address: 10.255.5.13 (VR-Default)
Retries : 3 *
Timeout : 15 *
Realm : Netlogin
shared secret : #$6ruCKApEePMNVH5CaJp4MwIyg7tNkJpaqKVmet19
Access Requests : 0 Access Accepts : 0
Access Rejects : 0 Access Challenges : 0
Access Retransmits: 0 Client timeouts : 0
Bad authenticators: 0 Unknown types : 0
Round Trip Time : 0
Radius Acct server: 1 Status is Active
host name :
IP address : 10.23.23.142
Server IP Port: 1813
Client address: 10.255.5.13 (VR-Default)
Retries : 3
Timeout : 10
Realm : Netlogin
shared secret : #$9+bcdiIS9MEBn1zwdRrI+ROwhz0eYfhA6/dJq9ym
Acct Requests : 0 Acct Responses : 0
Acct Retransmits : 0 Timeouts : 0
Radius Acct server: 2 Status is Active
host name :
IP address : 10.23.23.12
Server IP Port: 1813
Client address: 10.255.5.13 (VR-Default)
Retries : 3
Timeout : 10
Realm : Netlogin
shared secret : #$p0z1KNo1/B+DgUPPirDnar+R7NScnzCxeonbJIkH
Acct Requests : 0 Acct Responses : 0
Acct Retransmits : 0 Timeouts : 0
Legend: An asterisk (*) indicates a global value is in use.
Show netlogin port 22
Port : 22
Port Restart : Disabled
Allow Egress : None
Vlan : ELRP-Ctrl
Authentication : mac-based
Port State : Enabled
Auth Failure Vlan : Disabled
Auth Service-Unavailable Vlan : Disabled
------------------------------------------------
MAC Mode Port Configuration
------------------------------------------------
Re-authentication period : 3600
Re-authentication : Off
Authentication Delay : 0 seconds (Default)
------------------------------------------------
Netlogin Clients
------------------------------------------------
MAC IP address Authenticated Type ReAuth-Timer User
-----------------------------------------------
(B) - Client entry Blackholed in FDB
Port : 22
Port Restart : Disabled
Allow Egress : None
Vlan : Hitchin_VC_1st
Authentication : mac-based
Port State : Enabled
Auth Failure Vlan : Disabled
Auth Service-Unavailable Vlan : Disabled
------------------------------------------------
MAC Mode Port Configuration
------------------------------------------------
Re-authentication period : 3600
Re-authentication : Off
Authentication Delay : 0 seconds (Default)
------------------------------------------------
Netlogin Clients
------------------------------------------------
MAC IP address Authenticated Type ReAuth-Timer User
-----------------------------------------------
(B) - Client entry Blackholed in FDB
Number of Clients Authenticated : 0
Show port 22 information detail:
Port: 22(ARE-RH-L1-10):
Description String: "VC Reservered Ports"
Virtual-router: VR-Default
Type: UTP
Redundant Type: NONE
Random Early drop: Unsupported
Admin state: Enabled
Copper Medium Configuration: 100M full-duplex auto-polarity on
Fiber Medium Configuration: auto-speed sensing auto-duplex
Link State: Active, 100Mbps, full-duplex
Link Ups: 2 Last: Wed Apr 11 10:35:30 2018
Link Downs: 1 Last: Wed Apr 11 10:35:16 2018
VLAN cfg:
Name: ELRP-Ctrl, 802.1Q Tag = 3100, MAC-limit = No-limit, Virtual router: VR-Default
Port-specific VLAN ID: 3100
Name: Hitchin_VC_1st, Internal Tag = 1002, MAC-limit = No-limit, Virtual router: VR-Default
STP cfg:
Protocol:
Name: Hitchin_VC_1st Protocol: ANY Match all protocols.
Trunking: Load sharing is not enabled.
EDP: Enabled
EEE: Disabled
ELSM: Disabled
Ethernet OAM: Disabled
Learning: Enabled
Unicast Flooding: Enabled
Multicast Flooding: Enabled
Broadcast Flooding: Enabled
Jumbo: Disabled
Flow Control: Rx-Pause: Disabled Tx-Pause: Disabled
Priority Flow Control: Disabled
Reflective Relay: Disabled
Link up/down SNMP trap filter setting: Disabled
Egress Port Rate: No-limit
Broadcast Rate: 300 packets-per-second
Multicast Rate: No-limit
Unknown Dest Mac Rate: No-limit
QoS Profile: None configured
Ingress Rate Shaping : Unsupported
Ingress IPTOS Examination: Enabled
Ingress 802.1p Examination: Disabled
Ingress 802.1p Inner Exam: Disabled
Ingress 802.1p Priority: 0
Egress IPTOS Replacement: Disabled
Egress 802.1p Replacement: Disabled
NetLogin: Enabled
NetLogin authentication mode: MAC based
NetLogin port mode: Port based VLANs
Smart redundancy: Enabled
Software redundant port: Disabled
IPFIX: Disabled Metering: Ingress, All Packets, All Traffic
IPv4 Flow Key Mask: SIP: 255.255.255.255 DIP: 255.255.255.255
IPv6 Flow Key Mask: SIP: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
DIP: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
auto-polarity: Enabled
Preferred medium: Fiber
Shared packet buffer: default
VMAN CEP egress filtering: Disabled
Isolation: Off
PTP Configured: Disabled
Time-Stamping Mode: None
Synchronous Ethernet: Unsupported
Dynamic VLAN Uplink: Disabled
VM Tracking Dynamic VLANs: Disabled
Verbose logs from NAC:
2018-04-11 11:51:50,176 INFO [esd] Enabling verbose diagnostics for MAC: 00-13-FA-0B-19-11
2018-04-11 11:51:57,811 DEBUG [esd] ESDMAC:0B-19-11 EndSystemActionRequestHandler - Processing action: (reauthentication) on end system: 00-13-FA-0B-19-11, IP: null, user: , reason: UserSpecified(USER_INITIATED_REAUTH), from appliance: false
2018-04-11 11:51:57,813 DEBUG [esd] ESDMAC:0B-19-11 EndSystemActionRequestHandler - This NAC engine is the current appliance, so reauth.
2018-04-11 11:51:57,813 DEBUG [esd] ESDMAC:0B-19-11 EndSystemActionRequestHandler - Reauthing end system: 00-13-FA-0B-19-11
2018-04-11 11:51:57,813 DEBUG [esd] ESDMAC:0B-19-11 ReauthTask - Calculating if a re-authentication really needs to be performed for reason: USER_INITIATED_REAUTH.
2018-04-11 11:51:57,813 DEBUG [esd] ESDMAC:0B-19-11 ReauthTask - The re-authentication request is being processed because the reauth reason: "USER_INITIATED_REAUTH" is not for a data change.
2018-04-11 11:51:57,814 DEBUG [esd] ESDMAC:0B-19-11 ReauthTask - Re-authentication running for Switch: 10.255.5.13, Port : 1022, Port Name : 1:22, Port Alias: VC Reservered Ports, MAC: 00-13-FA-0B-19-11, Reason: USER_INITIATED_REAUTH
2018-04-11 11:51:57,814 INFO [esd] ESDMAC:0B-19-11 ReauthSnmpTask - Executing Reauth for MAC: 00-13-FA-0B-19-11, IP: null for NAS switch 10.255.5.13 switchPort 1022 reason: USER_INITIATED_REAUTH all sessions
2018-04-11 11:51:57,814 DEBUG [esd] ESDMAC:0B-19-11 ReauthSnmpTask - Not using toggle link for session: AUTH_MAC => Rejected: false shouldToggleLinkForRejectedEapTlsOnReauth: true ID: 2025282951
2018-04-11 11:51:57,814 INFO [esd] ESDMAC:0B-19-11 ExtremeXosReauthenticationSnmpWorker - Starting Extreme Reauthentication for MAC: 00-13-FA-0B-19-11 on switch: 10.255.5.13 and port: 1022
2018-04-11 11:51:57,814 DEBUG [esd] ESDMAC:0B-19-11 ExtremeXosReauthenticationSnmpWorker - *Not* using port initialization (Switch setting for: 1.3.6.1.4.1.1916.2.175 use initialize: false) & (Attributes to send: No Attributes use initialize: false)
2018-04-11 11:51:57,814 INFO [esd] ESDMAC:0B-19-11 ExtremeXosReauthenticationSnmpWorker - Reauthenticating using Dot1X Auth Reauthenticate for MAC: 00-13-FA-0B-19-11
2018-04-11 11:51:57,814 DEBUG [esd] ESDMAC:0B-19-11 ExtremeXosReauthenticationSnmpWorker - using OID: 1.0.8802.1.2.1.2.1.2.1.2.0.19.250.11.25.17
2018-04-11 11:51:58,062 DEBUG [esd] ESDMAC:0B-19-11 ExtremeXosReauthenticationSnmpWorker - Unable set dot1xAuthReauthenticate2(1.0.8802.1.2.1.2.1.2.1.2.0.19.250.11.25.17) from switch: 10.255.5.13, with error: Error writting to OID: "1.0.8802.1.2.1.2.1.2.1.2.0.19.250.11.25.17", with value: 1", with SNMP error: SNMP_ERROR_COMMIT_FAILED.
2018-04-11 11:51:58,062 DEBUG [esd] ESDMAC:0B-19-11 ExtremeXosReauthenticationSnmpWorker - Clearing of 802.1X sessions for entire port is *not* allowed, so skipping reauthenticating using dot1xPaePortReauth for switch port: 1022
2018-04-11 11:51:58,062 INFO [esd] ESDMAC:0B-19-11 ExtremeXosReauthenticationSnmpWorker - Reauthenticating using Extreme MAC Auth Client Reauthenticate OID for MAC: 00-13-FA-0B-19-11
2018-04-11 11:51:58,062 DEBUG [esd] ESDMAC:0B-19-11 ExtremeXosReauthenticationSnmpWorker - using OID: 1.3.6.1.4.1.1916.1.44.1.1.1.3.0.19.250.11.25.17
2018-04-11 11:51:58,240 DEBUG [esd] ESDMAC:0B-19-11 ExtremeXosReauthenticationSnmpWorker - Unable set OID: (1.3.6.1.4.1.1916.1.44.1.1.1.3.0.19.250.11.25.17) for switch: 10.255.5.13, with error: Error writting to OID: "1.3.6.1.4.1.1916.1.44.1.1.1.3.0.19.250.11.25.17", with value: 1", with SNMP error: SNMP_ERROR_NOT_WRITEABLE.
2018-04-11 11:51:58,240 DEBUG [esd] ESDMAC:0B-19-11 ExtremeXosReauthenticationSnmpWorker - *Not* falling back to toggle link because option is disabled.
2018-04-11 11:51:58,240 DEBUG [esd] ESDMAC:0B-19-11 ExtremeXosReauthenticationSnmpWorker - 802.1X Reauthentication was: *not* successful
2018-04-11 11:51:58,240 DEBUG [esd] ESDMAC:0B-19-11 ExtremeXosReauthenticationSnmpWorker - MAC Reauthentication was: *not* successful
2018-04-11 11:51:58,240 INFO [esd] ESDMAC:0B-19-11 ExtremeXosReauthenticationSnmpWorker - Reauthentication was: *not* successful
2018-04-11 11:51:58,240 DEBUG [esd] ESDMAC:0B-19-11 ReauthTask - Re-authentication failed. Switch: 10.255.5.13, Port : 1022, Port Name : 1:22, Port Alias: VC Reservered Ports, MAC: 00-13-FA-0B-19-11, Reason: USER_INITIATED_REAUTH
The switch is an X440G1 running version 16.2.3.5 patch1-3
Thanks for any help in advance.
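
Added example, not part of the original post: a Python script that pulls the failed SNMP sets out of NAC verbose log lines like the ones above and decodes the last six sub-identifiers of each OID, which in this log are the end system's MAC address written in decimal. The function names are made up for illustration; the three sample lines are copied from the log in the post.

```python
import re

# Sample input: three lines copied from the NAC verbose log in the post.
SAMPLE_LOG = """\
2018-04-11 11:51:57,814 INFO [esd] ESDMAC:0B-19-11 ExtremeXosReauthenticationSnmpWorker - Starting Extreme Reauthentication for MAC: 00-13-FA-0B-19-11 on switch: 10.255.5.13 and port: 1022
2018-04-11 11:51:58,062 DEBUG [esd] ESDMAC:0B-19-11 ExtremeXosReauthenticationSnmpWorker - Unable set dot1xAuthReauthenticate2(1.0.8802.1.2.1.2.1.2.1.2.0.19.250.11.25.17) from switch: 10.255.5.13, with error: Error writting to OID: "1.0.8802.1.2.1.2.1.2.1.2.0.19.250.11.25.17", with value: 1", with SNMP error: SNMP_ERROR_COMMIT_FAILED.
2018-04-11 11:51:58,240 DEBUG [esd] ESDMAC:0B-19-11 ExtremeXosReauthenticationSnmpWorker - Unable set OID: (1.3.6.1.4.1.1916.1.44.1.1.1.3.0.19.250.11.25.17) for switch: 10.255.5.13, with error: Error writting to OID: "1.3.6.1.4.1.1916.1.44.1.1.1.3.0.19.250.11.25.17", with value: 1", with SNMP error: SNMP_ERROR_NOT_WRITEABLE.
"""

# Matches only the lines that report a failed SNMP set, keeping the
# timestamp, target switch, OID and SNMP error name ("writting" is the
# spelling used by the log itself).
FAILED_SET = re.compile(
    r'^(?P<ts>\S+ \S+) .*?switch: (?P<switch>[\d.]+), with error: '
    r'Error writting to OID: "(?P<oid>[\d.]+)".*SNMP error: (?P<err>\w+)')


def mac_from_oid_index(oid):
    """Render the last six sub-identifiers of an OID as a MAC address."""
    octets = [int(x) for x in oid.split(".")[-6:]]
    if len(octets) != 6 or any(o > 255 for o in octets):
        raise ValueError("OID does not end in a 6-octet index: " + oid)
    return "-".join("%02X" % o for o in octets)


def failed_snmp_sets(log_text):
    """Return one dict per failed SNMP set found in the log text."""
    results = []
    for line in log_text.splitlines():
        m = FAILED_SET.search(line)
        if m:
            entry = m.groupdict()
            entry["index_mac"] = mac_from_oid_index(entry["oid"])
            results.append(entry)
    return results


if __name__ == "__main__":
    for e in failed_snmp_sets(SAMPLE_LOG):
        print(e["ts"], e["switch"], e["err"], e["index_mac"], e["oid"])
```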