802.1x w/ EAPoL Logoff - Issue

jc84_
Level 1

Hey Guys,

 

Hoping to see if anyone has seen this before....

 

We are running wired 802.1x w/ Cisco Catalyst 3850s, ISE, Windows 10 endpoints behind Avaya IP phones. We have the Avaya phones configured to support 802.1x passthrough w/ logoff.

 

The behaviour we are seeing is when you shut down your PC the Avaya IP Phone sends an EAPoL Logoff on behalf of the laptop. My belief is this 1st EAPoL logoff is being sent because the network adapter on the PC transitions from 1Gbps/FDX to 10Mbps/FDX as part of power-saving and staying online to support wake-on-LAN (WoL). Everything is fine with this and the switch clears the authenticated session.

 

Now with the PC shut down the user then undocks from their docking station, which results in a 2nd EAPoL Logoff message being sent as the network adapter to the phone is being changed from 10Mbps/FDX to disconnected. With this 2nd EAPoL Logoff the switch is treating that as the start of a new session, and since the endpoint is no longer connected it goes through EAP and then to MAB and results in an UnAuth state. Which basically keeps a stale session on the port, alerts in ISE...all until the endpoint re-connects the following morning when the user comes back into the office.

 

Has anyone seen this behaviour?
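
The sequence described in the post can be checked against a capture taken on the switch port. The following is an added example, not part of the original post: Python that parses EAPOL frames (EtherType 0x888E) and flags any Logoff whose source MAC sent no Start or EAP packet since its previous Logoff. The MAC address, timestamps and frames are constructed sample data, and the function names are hypothetical.

```python
import struct

EAPOL_ETHERTYPE = 0x888E
EAPOL_TYPES = {0: "EAP-Packet", 1: "Start", 2: "Logoff", 3: "Key"}
PAE_GROUP = bytes.fromhex("0180c2000003")  # 802.1X PAE group address

def parse_eapol(frame):
    """Return (src_mac, eapol_type_name), or None if not a complete EAPOL frame."""
    if len(frame) < 18:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != EAPOL_ETHERTYPE:
        return None
    _version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    if len(frame) - 18 < body_len:  # truncated body; Ethernet padding is allowed
        return None
    return frame[6:12].hex(":"), EAPOL_TYPES.get(ptype, f"type-{ptype}")

def find_repeat_logoffs(capture):
    """capture: iterable of (timestamp, frame_bytes).
    Returns [(timestamp, mac)] for each Logoff whose source MAC's previous
    EAPOL frame was also a Logoff (no Start or EAP exchange in between)."""
    last_seen = {}
    hits = []
    for ts, frame in capture:
        parsed = parse_eapol(frame)
        if parsed is None:
            continue
        mac, kind = parsed
        if kind == "Logoff" and last_seen.get(mac) == "Logoff":
            hits.append((ts, mac))
        last_seen[mac] = kind
    return hits

def build_frame(src_mac, ptype, body=b""):
    """Build a constructed EAPOL frame (version 1) for the sample below."""
    header = struct.pack("!HBBH", EAPOL_ETHERTYPE, 1, ptype, len(body))
    return PAE_GROUP + bytes.fromhex(src_mac.replace(":", "")) + header + body

PC = "00:11:22:33:44:55"  # constructed MAC standing in for the docked PC
SAMPLE = [
    (0.0, build_frame(PC, 1)),                          # EAPOL-Start at boot
    (0.1, build_frame(PC, 0, bytes([2, 1, 0, 5, 1]))),  # EAP Response/Identity
    (3600.0, build_frame(PC, 2)),                       # 1st proxy Logoff (shutdown)
    (3660.0, build_frame(PC, 2)),                       # 2nd proxy Logoff (undock)
]

if __name__ == "__main__":
    for ts, mac in find_repeat_logoffs(SAMPLE):
        print(f"{ts:>8.1f}s  repeat EAPOL-Logoff from {mac}")
```

Matching the flagged timestamps against the switch's session log for the same port shows whether the new session was created at the moment of the second Logoff.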
