Yes I did, to my surprise my colleague recons setting the uplink on the N3 to optional addressed the issue.
His reference was Article ID: 11537 & Article ID: 5882 His feedback and supposed fix. Thank you all for the contributions. This pointed to the solution. The uplink was forced multiauth on N3 and my suspicion is the N7 is not, so changed it to opt, to match the N7 link…. ________________________________ https://cp-enterasys.kb.net/al/12/3/article.aspx?aid=5882&tab=search&bt=4 https://cp-enterasys.kb.net/al/12/3/article.aspx?aid=11537&searchstring=dot1x&n=11&tab=search&bt=4&r=0.759974122047424&s= Kind Regards Pheko Mamabolo Networks Siemens Southern Africa Corporate AFR IT 300 Janadel Avenue, Midrand, 1685 T: +27(0) 11 652 2938 F: +27(0) 86 506 6018 M: +27(0) 82 487 9822 [email protected] www.siemens.com -----Original Message----- From: Patrick Printz [mailto:[email protected]] Sent: 10 November 2011 01:44 PM To: Enterasys Customer Mailing List Subject: RE: [enterasys] Help with dot1x reauthentication You set eapol to forced auth too, correct? Sent from my Android phone using TouchDown (www.nitrodesk.com) -----Original Message----- From: Mamabolo, Pheko [[email protected]] Received: Thursday, 10 Nov 2011, 1:47am To: Enterasys Customer Mailing List [[email protected]] Subject: RE: [enterasys] Help with dot1x reauthentication Hi Jolyon/Patrick, I increased the times for the following attributes and set the uplink to forced-auth. set dot1x auth-config quietperiod from 3600 to 65535 set dot1x auth-config txperiod from 3600 to 65535 set dot1x auth-config reauthperiod from 3600 to 65535 set dot1x auth-config supptimeout 300 this is the same the highest time. set dot1x auth-config servertimeout 300 this also the highest value. Port : fe.1.25 Station address : 00-01-e3-23-cf-a6 Auth status : in progress Last attempt : SAT NOV 05 12:31:21 2011 Agent type : dot1x Session applied : false Server type : radius VLAN-Tunnel-Attr : None Policy index : 0 Policy name : No policy applied Session timeout : 3610 Session duration : 0,00:00:00 Idle timeout : 300 Idle time : 0,00:00:00 Termination time: Not Terminated Port : fe.1.25 Station address : 00-01-e3-23-cf-a6 Auth status : success Last attempt : SAT NOV 05 12:31:21 2011 Agent type : mac Session applied : true Server type : radius VLAN-Tunnel-Attr : None --More-- <space> next page, <cr> one line, <q> quit Policy index : 0 Policy name : No policy applied Session timeout : 3600 Session duration : 0,00:26:19 Idle timeout : 300 Idle time : 0,00:00:00 Termination time: Not Terminated However the NIC continues to attempt authentication every 15-30 seconds. Kind Regards Pheko Mamabolo Networks Siemens Southern Africa Corporate AFR IT 300 Janadel Avenue, Midrand, 1685 T: +27(0) 11 652 2938 F: +27(0) 86 506 6018 M: +27(0) 82 487 9822 [email protected] www.siemens.com<http://www.siemens.com> -----Original Message----- From: Jolyon Ansuz [mailto:[email protected]] Sent: 10 November 2011 04:19 AM To: Enterasys Customer Mailing List Subject: RE: [enterasys] Help with dot1x reauthentication Pheko, On our edge network C-chassis’ we use: #eapol set dot1x enable set dot1x auth-config reauthenabled true reauthperiod 7200 ge.1.1 set dot1x auth-config reauthperiod 14400 ge.1.21 where ge.1.1 is one of many edge ports and where ge.1.21 is an underlying member of a LAG that goes to the core network. We can see this by “show conf eapol”. This will (read: may) slow your prompts for reauthentication. You may also need to refer to your N-chassis CLI guide for the correct commands and usage. Sincerely, Jolyon Ansuz Senior Network and Communications Administrator Communications Infrastructure Information Technology University of New England Armidale NSW 2351 P: +61 2 6773 3568 F: +61 2 6773 3424 M: +61 412 735 836 This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. "Most of the things worth doing in the world had been declared impossible before they were done.", Louis D. Brandeis From: Mamabolo, Pheko [mailto:[email protected]] Sent: Thursday, 10 November 2011 12:30 AM To: Enterasys Customer Mailing List Subject: RE: [enterasys] Help with dot1x reauthentication This is exactly what we are experiencing the re-auth times are between 15 and 30 seconds. The firmware is on DFE-G-06.12.08.0003 upgraded today I’d appreciate the work around. Kind Regards Pheko Mamabolo Networks Siemens Southern Africa Corporate AFR IT 300 Janadel Avenue, Midrand, 1685 T: +27(0) 11 652 2938 F: +27(0) 86 506 6018 M: +27(0) 82 487 9822 [email protected] www.siemens.com<http://www.siemens.com> From: Patrick Printz [mailto:[email protected]] Sent: 09 November 2011 02:54 PM To: Enterasys Customer Mailing List Subject: RE:[enterasys] Help with dot1x reauthentication Pheko, We dealt with this about a year ago, I was digging and trying to remember what we did to fix it. First off, I would make sure the firmware is up-to-date. The issue we had though was EAP packets hitting the ports on the switch and causing any attached PC’s to re-authenticate. The timing was about every 30 seconds, which sounds similar to what you are seeing. Might want to give that a look. Patrick Printz Network Infrastructure Quinsigamond Community College 670 West Boylston Street Worcester, MA 01606-2092 w. 508-854-7517 c. 508-726-9529 "If a man is called a street sweeper, he should sweep streets even as Michelangelo painted, or Beethoven composed music, or Shakespeare wrote poetry. He should sweep streets so well that all the hosts of heaven and Earth will pause to say, Here lived a great street sweeper who did his job well." ~Martin Luther King, Jr. From: Mamabolo, Pheko [mailto:[email protected]] Sent: Wednesday, November 09, 2011 3:54 AM To: Enterasys Customer Mailing List Subject: [enterasys] Help with dot1x reauthentication Hi Please advice, we have enabled dot1x on an N3 DFE-G-06.12.08.0003 The NIC keeps reseting as the pics below, any remedy to this as we has set re-auth to be false yet this continues. A minute later Kind Regards Pheko Mamabolo Networks Siemens Southern Africa Corporate AFR IT 300 Janadel Avenue, Midrand, 1685 T: +27(0) 11 652 2938 F: +27(0) 86 506 6018 M: +27(0) 82 487 9822 [email protected] www.siemens.com<http://www.siemens.com> ________________________________________________________________________________________ Disclaimer and Confidentiality Note This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the context clearly indicates otherwise, the property of Siemens Limited. It is confidential, private and intended for the addressee only. If you are not the intended recipient and receive this communication in error, you are hereby notified that any review, copying, use, discloser or distribution in any manner whatsoever is strictly prohibited. Please notify the sender immediately that you have received this e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of Siemens Limited. Siemens Limited accepts no liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising from the use of this e-mail communication and/or its attachments. Siemens Limited does not warrant the integrity of this e-mail communication nor that it is free of errors, viruses, interception or interference. Siemens Limited, its divisions and subsidiary companies (�Siemens�) expressly excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002 (�the ECT�) in respect of e-contracting. No data message or electronic communication will be recognised as having a legal contractual status under the ECT Act. All agreements concluded by Siemens will only be legally binding when reduced to physical writing and physically signed by a duly authorised representative of Siemens. For more information about Siemens Limited, visit our website at www.siemens.com<http://www.siemens.com> Siemens Limited Company Registration Number: 1923/007514/06 Registered Address: 300 Janadel Avenue, Halfway House 1685 VAT Registration Number: 4790104428 Chairman: Dr S Russwurm* Chief Executive Officer: SG Proebstl*; Chief Financial Officer: AD Hall Executive Director: AM Mathole Non-Executive Directors: R Guntermann*; Dr MI Surve; K Setzin Alternate Directors: I Amod; Y Mahomed Company Secretary: V Reddy *German • --To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] • --To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] • --To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
