802.1x Port Method MAC Based useless?

2019-10-22 10:58:28
Hardware Version: V2
Firmware Version: 2.0.3 Build 20190509 Rel.36379(s)

I'm running 802.1x with MAB and Port Method 'MAC Based' questioning RADIUS.

 

I noticed some traffic going through even if the MAC is refused and Port Status remains 'Unauthorized'. It's a phone device and the traffic seems enough to obtain an address via DHCP and to register a SIP session.

 

Even more: Enough is going through to establish a call! The stream is getting interrupted every few seconds but stays open to come back.

 

Still more: If I connect a second (accepted) MAC behind the phone, both devices are able to communicate without interruption. The switch keeps questioning RADIUS about the refused MAC but traffic is going through as if the MAC was accepted.

Still stays 'Authorized' if I disconnect the valid MAC behind.

 

Any ideas?

Re:802.1x Port Method MAC Based useless?
2019-10-23 02:33:36

@PeterS 

 

Do you mean that you can access other devices even though your client doesn't pass the authentication? I think you may contact tp-link support for help.

Re:802.1x Port Method MAC Based useless?
2019-10-23 05:50:02

@Andone, exactly that is what happens.

The client keeps on failing the authentication process while a lot of his traffic passes the switch anyway.

I'll contact support about that. Thank you very much.

Re:802.1x Port Method MAC Based useless?
2019-10-23 09:09:53

@PeterS 

 

Hi, if you have something like "several packets go through (I checked by ping), then it's blocked for a minute, then again several packets go through, when the MAC address must be totally blocked", then I attach a beta for you, my friend :)

 

File:
T1500G-10PSv2_en_2.0.3_[20190820-rel68329(Beta)]_up.rar
Re:802.1x Port Method MAC Based useless?
2019-11-19 08:40:27

@Mitya 

Thank you so much for sharing the firmware.

It's better, because client traffic is now really blocked until 'MAC authentication passed', but still too buggy for use in production.

 

This is caused by the fact that in 'Port Method' 'MAC Based' a client requesting an additional (tagged) VLAN configured on the port is not going through.

The second time it is plugged into the same port without any change, things work perfectly. Same if it is plugged in (second time) on another port with the same configuration.

 

Another known issue? Or only the fact it's beta?

Re:802.1x Port Method MAC Based useless?
2019-11-19 08:48:36

@PeterS 

I haven't met such behaviour and it works pretty well for my camera projects even with VLANs. You can try to contact your local technical support with this fw and discuss deeper with your example, if you care.
