Hi,
On an EX4300-48P stack (21.4R3), ports are configured for mac-radius and dot1x (in that order) with guest-vlan activated. Everything is working fine: for unknown hosts, mac-radius fails (RADIUS Reject), and the host is then polled for dot1x. For non-corporate hosts, the port ends up authenticated in GuestVLAN, as we can see in this output (guest-vlan is named netlogin):
admin@15j3> show dot1x interface ge-0/0/9 detail
ge-0/0/9.0
Role: Authenticator
Administrative state: Auto
Supplicant mode: Multiple
Number of retries: 3
Quiet period: 60 seconds
Transmit period: 5 seconds
Mac Radius: Enabled
Mac Radius Restrict: Disabled
Mac Radius Authentication Protocol: EAP-MD5
Reauthentication: Enabled
Configured Reauthentication interval: 3600 seconds
Supplicant timeout: 30 seconds
Server timeout: 30 seconds
Maximum EAPOL requests: 2
Guest VLAN member: netlogin-net
No Mac Table Binding: Enabled
Number of connected supplicants: 1
Supplicant: No User, 74:78:27:C6:A6:65
Operational state: Authenticated
Backend Authentication state: Idle
Authentication method: GuestVlan
Authenticated VLAN: netlogin-net
Session Reauth interval: 3600 seconds
Reauthentication due in 0 seconds
Eapol-Block: Not In Effect
Domain: Data
The only issue is that the DOT1XD_USR_ATHNTICTD_GST_VLAN event is never triggered/logged. All I'm seeing in the logs is DOT1XD_USR_ACCESS_DENIED corresponding to the MAC-RADIUS Reject. I double-checked the logs configuration and I even tried to add an event policy with an action triggered by the DOT1XD_USR_ATHNTICTD_GST_VLAN event, and the action is in fact never executed.
Am I missing something obvious here? Or maybe I don't fully understand when this event is supposed to be triggered? The event description is quite straightforward to me: "User has been authenticated on guest vlan if it is configured and authentication using mac-radius for a non-responsive client failed."
Any ideas?
------------------------------
Youssef
------------------------------