University at Buffalo - The State University of New York
Skip to Content

Common Questions and Answers for Wired Network Switch Replacement Project

Most devices connected to a new wired network switch will be automatically configured for use. Find solutions to potential configuration problems.   

On this page:

Newly connected machine has link, but cannot access the network

Web browsing attempts do not get redirected to the captive portal.

The device has not had it's MAC address registered, and it is configured with a static IP address. Register the MAC address from a 3rd party machine, and/or convert the device to DHCP to get a usable network address for the VLAN that it is in.

Device is stuck on using the old VLAN

The selected VLAN is changed within the registration record for a device that is already connected to the network, but the device seems to be stuck on the old VLAN despite ipconfig /release /renew, disconnecting and reconnecting the network cable, and even rebooting the machine.

The cause is a device (teaching station switch, miniswitch, VoIP phone, etc.) in between the user device and our UB network.

When the VLAN is changed within the registration record of a given device, Clearpass does not send a Change of Authority (CoA) message to the UB switch like it does during the captive portal onboarding process. Rather, the only way for the UB switch to put the user device in the new VLAN is for the user device to disappear from the UB switch, and then be reconnected.

One way to accomplish this is for the machine to be removed from the network for at least 5 minutes.

An alternative way is for link to drop to our UB switch, which will immediately clear the session on our switch.

If the user device is directly connected to the wall, then you can simply disconnect/reconnect the network cable, or reboot the device. However, if there is another device (miniswitch, VoIP phone, etc) in the path, then this option will not work because link will never drop on the UB switch.

If feasible, the user would need to drop link between their intermediate device (miniswitch, VoIP phone, etc) and the UB switch.

I'm on a Mac and I get a 802.1x pop-up asking for my account name and password

The pop-up is displayed because 802.1x is enabled on the wired port by default on Mac OS.

If you are prompted about using an 802.1x certificate, select No Certificate, and then you will be able to enter your UBITName as the account name and your UBITName password as password to complete configuration.

Hibernating device is not able to be woken up using WakeOnLAN (WoL) magic packet

Follow these steps to remedy the problem.

  1. Confirm you have WoL properly enabled and configured on the device. This generally requires making changes to both the BIOS and the configuration within the operating system.
  2. Determine what VLAN the device is on when it is hibernating. Depending on the operating system, some devices will hibernate in the unauthenticated 8xx captive portal VLAN, while other devices will hibernate in their authenticated VLAN.
  3. Make sure you are sending the WoL magic packet from a source that is authorized through the network filters (i.e. send the packet, from WoL web interface).

Windows device not able to “verify the server’s identity” when running 802.1x

This issue is related to the certificate authorities that are configured on the client device. This has been a longknown issue with UB Wi-Fi and ExpressConnect is configured to resolve the issue for UB Wi-Fi.

There is no benefit to setting up ExpressConnect for the wired connections because so many wired users don't have admin priveleges on their machine. Rather, for the wired devices, the 802.1x client configuration guide recommends that everyone disable the checkbox for validate server certificate.

Windows device experiencing a "duplicate IP address" pop-up

During normal network operation, our switches periodically send out IPv6 neighbor solicitation packets that have a source IPv6 address of all zeros (::), and a source MAC address of all zeros (000000000000). A machine on a typical UB network can expect to receive 288 of these packets per day. Windows machines will occasionally assume a temporary IPv6 address of all 0's for a very brief period of time. The most common scenario is with regards to requesting or renewing an IPv6 DHCP lease.

If both of these relatively rare scenarios happen at the same time, the Windows machine will display the duplicate IP address pop-up. Based on anecdotal evidence, this is a very rare occurrence, and most users will never experience it, however there have been a few reports of users receiving the pop-up twice during the same week. There is likely something within the configuration of these machines that is causing a higher likelihood of the scenario happening (perhaps related to machine power management, or laptops that are docking and undocking, causing more frequent DHCP requests and/or renewals).

As far as we know, this issue is not service affecting in any way, and the user can simply click Close, and continue with their work. At this time, we do not have any other workaround or solution. If we see more frequent occurrences of this pop-up, and it becomes a nuisance, UBIT will investigate further.

The pop-up window can be disabled on Windows 7 by the following steps:

  1. Locate this registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
  2. Click Edit > New > DWORD
  3. Type ArpRetryCount
  4. Right-click the ArpRetryCount registry entry and click Modify
  5. In the Value box, type 0 and click OK
  6. Exit the registry editor and reboot

First time plugging in VoIP phone and it boots up twice

This is normal and expected behavior. When a VoIP phone is first connected to the network, it receives power from the UB switch and it is profiled by the switch.

Once the switch determines that the device is a VoIP phone, the switch reconfigures its port with the propper settings for the device. Then it bounces the power (PoE) to the VoIP phone so that the phone will be reset and come back online with the proper configuration.

Device is not able to authenticate with the switch using 802.1x when properly configured

  1. Check for a miniswitch in between the wall and the user device. During the exchange of 802.1x information, the user device will send a packet to the UB network that is destined for a special multicast address. Some switches will intercept/block that packet, while others will pass it through to the UB network (and then 802.1x works fine).
  2. Switches that are known to block/intercept the 802.1x packets (and thus 802.1x does NOT work) include:
    • Cisco SG300's (UB "teaching station switches")
    • Netgear FS308
  3. Switches that are known to pass the 802.1x packets successfully (and thus 802.1x DOES WORK work) include:
    • DLink 8port DGS1008G Gigabit switch ($25 on Amazon)
    • Netgear 8port ProSave GS108 Gigabit switch ($50 on Amazon)
    • TPLink 8port TLSG108 Gigabit switch ($30 on Amazon)
    • Netgear 8port GS208 Gigabit switch ($20 on Amazon)

Contact the UBIT Help Center

Have a UBITName? You may also use the UBIT Help Center Online (login required).

(Required)
 
 
(xxx) xxx-xxxx
(Required)
Use your @buffalo.edu email, if known
 
(Required)