Reset Search
 

 

Article

Random EAPOL Ports Changing Administrative State To Force Unauthorized

« Go Back

Information

 
TitleRandom EAPOL Ports Changing Administrative State To Force Unauthorized
Symptoms
  • Random ports across multiple stacks have their EAPOL (Extensible Authentication Protocol Over LAN) administrative status changed to Force Unauthorized
  • Port interface state shows operationally down
  • Ports affected have MAC Security enabled
  • Log messages seen when a port is affected
I    2    2018-08-24 16:08:21 GMT-05:00 39       EAP: Reached MAC intruder count on Unit: 2 Port: 4 
I    2    2018-08-24 16:08:21 GMT-05:00 40       EAP: Mac Intruder - Unit: 2 Port: 4 MAC: aa:bb:cc:dd:ee:ff
Environment
  • ERS 4800
  • All supported releases
Cause
  • Product is functioning as designed.
  • Cause due to Microsoft SCCM feature Wake On LAN Proxy
  • Wake On LAN Proxy spoofs the MAC address of hosts that are sleeping which can cause MAC Security enabled ports to become disabled (seen as Force Unauthorized state)
Resolution
  • Port must be administratively disabled then enabled
  • Avoid using 3rd party vendor Wake On LAN proxy features when switch ports are MAC Security enabled
Additional notes
See Microsoft article on planning/using Wake On LAN Proxy for additional info and warnings on its use

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255