I'm testing 802.1x authentication on extreme XOS. I'm running XOS 184.108.40.206 patch1-5 on x440-8t switch. I've completed the setup based on the documentation provided by extreme. The problem is that I'm receiving Authentication failed for Network Login 802.1x user host/xxxxxx Mac xxxxxxx port x, although if I run a wireshark on my radius server, I see authentication successful for host/xxxxxx. I'm wondering why the switch is considering it as failed. My radius server is a Microsoft 2008R2 NPS server.
You must specify the very same vlan tag and name which was was previously defined in the radius server. This vlan must be present in switch as well. Also I would suggest to use configuration without no-restart port options (but it depends on your conditions). In previous version of XOS there were some serious issues with reauth process on the some port (e.g. plug in the same cable to the port) and it results in auth error. But it is true that this issues were succesfully repaired somewhere in 09-10/2017.
Once I have done that, I started to see the reason why it is failing.
Authentication failed for Network Login 802.1x user host/xxxxx Mac xxxxxxx port 1
Client[1, xxxxxxx] auth move result: Destination VLAN not supplied
Client[1, xxxxxxx] authVlans preprocessing result; Destination VLAN not supplied
802.1X received authentication result 1 for client xxxxxxxxx from AAA
An EAP packet was sent to RADIUS for client xxxxxxxx via AAA
I understood that the switch is expecting the destination vlan from the radius server. I configured it and now it works properly.
I may have wrongly understood the document, however the destination vlan part is put in the additional notes on the documentation, as if it was optional.