This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Network Login 802.1x with Mitel phone 6865i and X440 fails because of a link down

Network Login 802.1x with Mitel phone 6865i and X440 fails because of a link down

Claude_COPAVER
New Contributor

‎05-12-2016 12:19 PM

Environment : EXOS X440-48P version 15.6.3.1 patch 1-5, X150-24t version 12.6.5.2,
Mitel phones Mitel 6865i version 4.0.0.2031, FreeRADIUS, DHCP server
LLDP is not configured on the switches and the phones VLAN is dynamicaly created on the switches after the phones are authenticated

As you can see below,the proccess is succesfull with X150-24t
08:24:38.44 Network Login 802.1x user AuthUser logged in MAC XX:XX:XX:XX:XX:XX port 15 VLAN(s) "V_VOICE", authentication Radius
08:24:37.83 port 15 link UP at speed 100 Mbps and full-duplex
08:24:36.18 Network Login user AuthUser cleared due to link down event, Mac XX:XX:XX:XX:XX:XX port 15 VLAN(s) "V_VOICE"
08:24:36.18 port 15 link down
08:24:32.55 Network Login 802.1x user AuthUser logged in MAC XX:XX:XX:XX:XX:XX port 15 VLAN(s) "V_VOICE", authentication Radius
08:24:03.64 port 15 link UP at speed 100 Mbps and full-duplex
08:23:25.44 Port 24 link UP at speed 100 Mbps and full-duplex
08:23:08.62 port 15 link down
08:23:08.56 port 15 link UP at speed 100 Mbps and full-duplex


With X440-48P,the proccess failed after the link down


09:15:11.01 port 15 link UP at speed 1 Gbps and full-duplex
09:15:08.18 Network Login user AuthUser cleared due to link down event, Mac XX:XX:XX:XX:XX:XX port 15 VLAN(s) "V_VOICE"
09:15:08.17 port 15 link down
09:15:02.92 Network Login 802.1x user AuthUser logged in MAC XX:XX:XX:XX:XX:XX port 15 VLAN(s) "V_VOICE", authentication Radius
09:14:36.76 port 15 link UP at speed 1 Gbps and full-duplex
09:14:36.45 port 15 is delivering power

Can you help in finding an issue for X440, many thanks.

ColoCopa
0 Kudos
20 REPLIES 20

StephenW
Extreme Employee
In response to Kevin_Kim

‎05-12-2016 08:56 PM

If EXOS 12.6.5.2 authenticates without a EAPoL start then 12.6.5.2 would not be working per RFC.
0 Kudos

Kevin_Kim
Extreme Employee
In response to Kevin_Kim

‎05-12-2016 08:56 PM

If the EAP success packet is part of authentication process before the link goes down, it appears that an EAPoL start packet was not received on the switch after the link bounced. I don't know what would make a difference between two switches but the switch should receive an EAPoL start packet to initiate the authentication process. You may need to check if the phone sends an EAPoL start after the link bounces. Since you don't see the same problem with manual link setting, it could be related to auto negotiation. But, no known issue that I know of.
0 Kudos

Claude_COPAVER
New Contributor
In response to Kevin_Kim

‎05-12-2016 08:56 PM

Yes, after the success the link down comes, the switch clears the netlogin user, the phone goes to a DHCP discover, the link becomes up.
0 Kudos

Kevin_Kim
Extreme Employee
In response to Kevin_Kim

‎05-12-2016 08:56 PM

No. Time Source Destination Protocol Length Info
13 4.919453599 ExtremeN_yy:yy:yy Aastra_zz:zz:zz EAP 68 Success

In the above packet trace, X440 sent the EAP authentication success packet to the phone. Is this captured when you see a problem?
0 Kudos

StephenW
Extreme Employee
In response to Kevin_Kim

‎05-12-2016 08:56 PM

The configuration looks the same from what you sent me but the default configuration not shown in this output could be different. Check both switches "show config netlogin detail" and let me know what's different.

Does the link still go down after the first authentication when the phones port speed are configured manually?

I would like to see what the x150 capture looks like.
0 Kudos
GTM-P2G8KFN