dot1x authentication fails on S5700

Publication Date:  2014-09-12 Views:  488 Downloads:  0
Issue Description
Authentication fails for all users. Error received but host is : Unable to connect.
Alarm Information
none
Handling Process
As a solution for this issue you need to change the port dot1q confguration. A port configured for only one user is an access port and this configuration needs to be changed to hybrid mode so it can support more than one users. You can find the initial configuration and the modified version below:

before:
port link-type access
port default vlan 105
dot1x enable
dot1x max-user 1
authentication guest-vlan 101
authentication restrict-vlan 104
dot1x port-method port
dot1x reauthenticate

after (working config):
port hybrid pvid vlan 105
port hybrid untagged vlan 2 to 4094
dot1x enable
dot1x max-user 2
authentication guest-vlan 101
authentication restrict-vlan 104
authentication critical-vlan 105

Root Cause
This failure is caused by the fact that more than one user needs to authenticate on a port configured to support only one user.
Suggestions
if you need to use port-method mac always configure the port in hybrid mode.

END