Junos
Junos

Dot1x configuration shut down all interfaces on EX-3400 VC, ELS?

[ Edited ]
‎09-09-2019 05:01 AM

Hello!

We use EX-series switches and recently discovered issues with dot1x on EX3400 wich have the ELS syntax.

We shut it off temporarily and today i wanted to configure upp a test port to do a PCAP to find out what happens with the authentications, on a VC with 10 EX-3400 members i pushed the profile configuration and it everything went down, the LED's of the switch was shining but all interfaces went down and i couldnt connect with a Console cable.

While panicking and trying to figure out what to do it started flickering and eventually came up and found it's members again without problem.

This is the config i used, Radius configuration was present since before and all that was deleted was the profile.

 

radius-server {
172.16.X.X{
port 1812;
secret "XXX"; ## SECRET-DATA
}
172.16.X.X {
port 1812;
secret "XXX"; ## SECRET-DATA
}
}

And the display set wich i loaded in with "load set terminal".

set protocols dot1x authenticator authentication-profile-name profile1
set protocols dot1x authenticator interface ge-4/0/10 supplicant multiple
set protocols dot1x authenticator interface ge-4/0/10 retries 2
set protocols dot1x authenticator interface ge-4/0/10 quiet-period 7
set protocols dot1x authenticator interface ge-4/0/10 transmit-period 1
set protocols dot1x authenticator interface ge-4/0/10 reauthentication 3600
set protocols dot1x authenticator interface ge-4/0/10 supplicant-timeout 4
set protocols dot1x authenticator interface ge-4/0/10 server-timeout 5
set protocols dot1x authenticator interface ge-4/0/10 maximum-requests 3
set protocols dot1x authenticator interface ge-4/0/10 guest-vlan tele
set protocols dot1x authenticator interface ge-4/0/10 server-fail permit


Is there something i missed that needs to be present in the ELS syntax? 


And is the "crash" related to the config or was it just a bad commit? (Commit check went threw succesfully)

3 REPLIES 3
Junos

Re: Dot1x configuration shut down all interfaces on EX-3400 VC, ELS?

‎09-12-2019 03:29 PM

Hello!,

 

Hoping you are doing great, what is the JunOS version your EX is running?

Did you see any core-dump files generated on the system after commit? 

Did you check the EX-3400 CPU usage? 

 

I will be waiting for your response.

 

Best Regards,

Allan Q.

 

Junos

Re: Dot1x configuration shut down all interfaces on EX-3400 VC, ELS?

‎09-16-2019 01:24 AM

Hello!

I am thank you very much.

It's running 18.1R3.3 and i did not see any core dumps.
CPU-Usage has been stable and fine at 32%.


The dot1x still isnt working properly, clients are reauthenticating sporadically instead of every 3600 seconds as configured,
I get the following warning messsage.

root@MAL-SW13> show configuration protocols dot1x
authenticator {
authentication-profile-name profile1;
interface {
ge-4/0/47.0 {
##
## Warning: Interface must be defined in the interfaces hierarchy with family ethernet-switching or family bridge
##
supplicant multiple;
retries 2;
quiet-period 7;
transmit-period 1;
reauthentication 3600;
supplicant-timeout 4;
server-timeout 5;
maximum-requests 3;
guest-vlan tele;
server-fail permit;
}
}
}

Any clues?


Junos

Re: Dot1x configuration shut down all interfaces on EX-3400 VC, ELS?

‎09-17-2019 01:33 PM

Hi there,

 

 It is possible that you are facing the issues described on PR1313578.

 Checking it is possible that the fix is not yet applied on 18.1R3. If you had the chance, try moving back to 18.1R1

 

 https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1313578