01-26-2017 08:16 PM
We're using CPM to manage port access on Aruba 3810 switches. Workstations are chained thru Cisco Phones. Machine Auth and User Auth are working correclty and the Phone gets put in the "Phone" role and the workstation gets put in the User-Machine" role. The problem arises if a user mistypes their password when logging in. The "Phone" role will remain with the phone being 100% functional but the workstation's role will got to null and lose network connectivity. At this point a sh port-access client will only show the phone but nothing behind the phone. Once this happens no actions on the workstation nor commands on the switch will resurrect connectivity. The only solutions is to physically move to another switchport. We've tried swtich code 16.02.0010, 16.02.0014, 16.02.0015, 16.03.0003. Its worth noting I have a 2920 switch configured identically and it works just fine when a users mistypes their password. The port retains the Machine-Auth role and flips to Machine-User Auth when the password is entered correctly.