Troubleshooting Authentication of End Devices on EX Series Switches

Problem

End devices configured using static MAC addresses lose connection to the switch after the clear dot1x interface command is run to clear all learned MAC addresses.

Before clearing MAC addresses:

user@switch# run show ethernet-switching table
Ethernet-switching table: 3 entries, 1 learned, 0 persistent entries
  VLAN              MAC address       Type         Age Interfaces
  vlan100           *                 Flood          - All-members
  default           *                 Flood          - All-members
  default           00:a0:d4:00:03:00 Learn          0 ge-3/0/16.0

user@switch> show dot1x authentication-bypassed-users
MAC address        Interface         VLAN
00:a0:d4:00:03:00  ge-3/0/16.0       configured/default

To clear MAC addresses:

user@switch> clear dot1x interface 

After clearing MAC addresses:

user@switch> show ethernet-switching table
Ethernet-switching table: 2 entries, 0 learned, 0 persistent entries
  VLAN              MAC address       Type         Age Interfaces
  vlan100           *                 Flood          - All-members
  default           *                 Flood          - All-members

user@switch> show dot1x authentication-bypassed-users

Note that there are no end devices on the authentication bypass list.

Cause

Static MAC addresses are treated the same as other learned MAC addresses on an interface. When the clear dot1x interface command is run, it clears all learned MAC addresses from the interface, including the static MAC bypass list (also known as the exclusion list).

Solution

If you run the clear dot1x interface command for an interface that has static MAC addresses configured for authentication bypass, re-add the static MAC addresses to the static MAC bypass list.
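
To confirm which entries must be re-added, compare the output of show dot1x authentication-bypassed-users captured before and after the clear. The following Python script is an added example, not part of the original page; its function names are hypothetical and the sample captures are the outputs shown above.

```python
import re

# One data row of `show dot1x authentication-bypassed-users`:
# MAC address, interface, VLAN. The header row does not match.
ROW = re.compile(
    r"^\s*((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(\S+)\s+(\S+)\s*$", re.I
)

def parse_bypassed_users(output):
    """Return {(mac, interface): vlan} parsed from the command's text output."""
    entries = {}
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            mac, ifname, vlan = m.groups()
            entries[(mac.lower(), ifname)] = vlan
    return entries

def lost_bypass_entries(before, after):
    """Entries on the bypass list before the clear but missing afterwards."""
    old = parse_bypassed_users(before)
    new = parse_bypassed_users(after)
    return sorted((mac, ifname, old[(mac, ifname)])
                  for (mac, ifname) in old.keys() - new.keys())

# Captures taken from the command outputs shown on this page.
BEFORE = """\
MAC address        Interface         VLAN
00:a0:d4:00:03:00  ge-3/0/16.0       configured/default
"""
AFTER = ""  # the command printed no entries after the clear

if __name__ == "__main__":
    for mac, ifname, vlan in lost_bypass_entries(BEFORE, AFTER):
        print(f"re-add static MAC bypass: {mac} on {ifname} (VLAN {vlan})")
```

An empty result means every device that bypassed authentication before the clear is still on the list.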

Published: 2012-12-06