Security

Reply
Occasional Contributor I

802.1x Wired clients re-auth every 30 seconds under certain circumstances

I'm setting up CPPM for my company, and so far it's working exactly like I wanted. If we log in with a domain joined machine using a domain user everything works exactly like you expect- they authenticate and the session is left open. If you log in with a domain joined machine with a LOCAL user (ex- local administrator account, authenticated via the Local Users database in CPPM) the computer re-authenticates every 30 seconds on the dot. This introduces some latency and in some cases even dropped packets if the computer takes a while to authenticate successfully.

How do I fix this issue?

Guru Elite

Re: 802.1x Wired clients re-auth every 30 seconds under certain circumstances

What type of switch? It's likely related to a switch misconfiguration.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: 802.1x Wired clients re-auth every 30 seconds under certain circumstances

Happens on our Avaya ERS3500s as well as our older HP 1910/3com 2928 switches.

 

If it was a switch misconfiguration wouldn't the same behavior happen for Domain Computer/Domain user?

Guru Elite

Re: 802.1x Wired clients re-auth every 30 seconds under certain circumstances

Good point. Is the supplicant configured manually or via GPO?

 

Also, it may be better to reach out to your Aruba partner. It is very difficult to troubleshoot stuff here.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: 802.1x Wired clients re-auth every 30 seconds under certain circumstances

The supplicant is configured via GPO. 

 

I actually tweaked the supplicant/server timeout settings on the switch and I think you were on to something. I changed the port's Supplicant Timeout/Server Timeout setting to 300 seconds and was able to say connected for 5 minutes. Which, of course, begs the question of why the same behavior isn't displayed with DomainMachine/DomainUser logins. 

 

Thanks for the assistance!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: