• Tag : dot1x

 
 

Auto Redirect to captive port is not working on the Arista 720xp

We are trying to implement the dot1x on the wired with authentication server as Aruba clearpass. It’s working fine for the corporate devices while coming to the guest devices where we need the users to get the captive portal for the registration it’s not working. It hit the right service on ClearPass and is sending the attributes to the switch but I didn’t see any redirect on the end device. What are the correct attributes to be sent to the Arista switch from the clearpass for the redirection page and URL?  PFA  and Is there anything that needs to be...
Continue reading →

Dot1x Dropped Counters

Description The Dot1x Dropped Counters count the packets that get dropped for dot1x interfaces The following counters are supported and increment depending on the dot1x interface configuration mode: Eapol unauthorized port (indicates the dropped packet number due to the unauthorized Eapol port when Mac Base Authorization is disabled). Eapol unauthorized host ( indicates the dropped packet number due to  the unauthorized Eapol host). MBA unauthorized host (counts the dropped packet due to the unauthorized host when Mac Base Authorization is enabled.) The dropped counter will not represent all the dropped packets in case of high volume dropping, and the CPU...
Continue reading →

how to manipulate “Syslog event detected” event from cloudvision

Dear all   So many “%DOT1X-3-SUPPLICANT_FAILED_AUTHORIZATION” logs are detected as events from  cloudvision like below. ( a screenshot is attached also ) Syslog event detected: DOT1X SUPPLICANT_FAILED_AUTHORIZATION on HQ-W-L2-720XP-12F-02 I want to prevent these events. Q1 Is there any way to manipulate these events? Events like “Link went down unexpectedly” can be configured its generation. I cannot find a way to control events like “Syslog event detected:xxxxxxx”. Q2 Which level of syslog is detected from cloudvision? “%DOT1X-3-SUPPLICANT_FAILED_AUTHORIZATION” is detected as an event but “%DOT1X-6-SUPPLICANT_AUTHENTICATED” is not detected. Q3 Is there any way to change syslog level of some specific logs? I...
Continue reading →

Wake-on-LAN for Phone Trunk Ports

Description Some devices connected to Dot1x port in trunk phone mode won’t start authentication until it is awakened with a magic packet. A magic packet is a broadcast frame containing anywhere within its payload 6 bytes of all 255 (FF FF FF FF FF FF in hexadecimal), followed by sixteen repetitions of the target computer’s 48-bit MAC address, for a total of 102 bytes. When a system in place sends these magic packets from a remote subnet, the command “ip directed-broadcast” must be enabled on any SVIs of VLANs where sleeping systems reside. The remote system sends the magic packets...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: