This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Delaying NEAP (MAC auth) on VOSS until EAP is attempted

Delaying NEAP (MAC auth) on VOSS until EAP is attempted

James_A
Valued Contributor

Sunday

Is it possible to delay NEAP authentication until an EAP request is sent? When our laptops go to sleep, on wakeup sometimes NEAP is tried and succeeds before any EAP request happens (and I ran wireshark to confirm no EAP packets are seen by the client), so the laptop doesn't get put back into the right I-SID. I found

https://extreme-networks.my.site.com/ExtrArticleDetail?an=000105722

which (while about something else) says that VOSS doesn't have the ability to delay NEAP authentication, is that still the case?

Side note - the KB results returned in the search bar on this community link to empty pages:

https://community.extremenetworks.com/t5/custom/page/page-id/CrmArticlePage?ka-guid=ka8Um000000ICsLI...

 

0 Kudos
3 REPLIES 3

EF
Contributor II

yesterday

Hello James,

In my case I dont like see a lot of useless entries NEAP in the RADIUS from devices EAP capable , so configure NEAP only on ports on it is needed.

As a trick you can enable STP (disable edge) on ports, maybe it can give enought time to supplicant to respond EAP before NEAP happens.

Regards

EF

 

0 Kudos

James_A
Valued Contributor
In response to EF

7 hours ago

I'm using auto-sense which enables both. It's also not so much about delay as EAP not being tried at all.

0 Kudos

Yoann_Jonard
New Contributor II

Monday

Hello James,

From what I know this is still the case and you cannot delay NEAP authentication.

You can be more specific in your Control rules to expect EAP authentication method only for your computer, so if a computer tries to authenticate with NEAP it gets rejected. That's what we are doing and it works pretty well.

 


Yoann Jonard
SIER SARL
Switzerland
0 Kudos
GTM-P2G8KFN