Article ID: 16051
Products
I-Series; firmware 6.61.07.0010 through 6.61.09.0012
G-Series; firmware 6.61.07.0010 through 6.61.09.0012
C5-Series; firmware 6.61.07.0010 through 6.61.09.0012, 6.71.01.0067 through 6.71.02.0008
C3-Series; firmware 6.61.07.0010 through 6.61.09.0012
B5-Series; firmware 6.61.07.0010 through 6.61.09.0012, 6.71.01.0067 through 6.71.02.0008
B3-Series; firmware 6.61.07.0010 through 6.61.09.0012
A4-Series; firmware 6.61.07.0010 through 6.61.09.0012, 6.71.01.0067 through 6.71.02.0008
Changes
Configured for 802.1x Authentication ('
', '
') and Policy ('
').
Symptoms
When a user is 802.1x-authenticated with application of a dynamic policy, and that policy profile is configured to assign the port's PVID VLAN ('
code:pvid-status enable pvid 4095
'); some EAP packets (destination MAC
) are flooded/leaked out all ports.
Receipt of those EAP packets triggers some 802.1x supplicants to also authenticate - resulting in a cascading effect.
Solution
Upgrade to 6.61 firmware 6.61.10.0008 or higher.
For the C5/B5/A4-Series, also fixed in firmware 6.71.03.0025 and higher.
See also:
5532.
