Aruba & ProVision-based
cancel
Showing results for 
Search instead for 
Did you mean: 

HP Switch not proccessing EAPOL_Start packets when Openflow enabled

 

HP Switch not proccessing EAPOL_Start packets when Openflow enabled

We are using Windows 802.1X with computer and user authentication with Openflow activated in the switch.

We have seen that when the 802.1X is authenticated with the User credentials and we log-off, the EAPOL_Start BPDUs that the Windows computer sends, in order to restart the 802.1X authentication and use the Computer credentials, are not processed by the switch

The same happens when we have authenticated the 802.1X with Computer credentials and we log-on with the User Credentials. The EAPOL_Start BPDUs are not processed by the switch, so the 802.1X is not renegotiated and the switch keeps the Computer credential based session as authenticated, although the Windows client shows the authentication as failed.

We can say this because we use a network tap in the cable and we see the EAPOL_Start BPDUs sent to the switch, but the Switch doesn't even show these BPDUs in its debug.

If we disable openflow everything works smoothly, and the 802.1X is renegotiated each time we log-off or log-on with Computer or User credentials in each case. In these cases the EAPOL_Start BPDUs are seen in the switch debug and they are processed.


We have test this in HP2930F with WC.16.05.0007 and in HP2920 with WB.16.05.0011 and WB.16.08.0001 .

In all the cases the behaviour is the same. The EAPOL_Start BPDUs are not processed when Openflow is enabled.

Is there any software patch in order to avoid this issue?