05-09-2017 11:33 AM
I have some issues with lexmark printers, which should be authenticated via MAC - address. The authentication works fine, but after after some time (maybe some hours) the printers aren`t available. The printer doesn`t send any packets, and so is a kind of passive client. I also couldn`t see the mac adress of the printer on the switch, so i have changed the session-timeout for the mac auth to 240 seconds, to get more communication. The reauth happens every 240 seconds, but the printer has the same problem, it isn`t available after some time. i have to plug off an on the printer to get the connection working again. we have more different models of lexmark printers and the same problem.
I think the main problem is, that the printer doesn`t send active packets to the network. So the connected switch loses the mac of the printer..
I have a procurve switch 2920 with firmware 16.02.18.
What is the recommended setting for these "passive clients" and mac out?
i have my clearpass policy attached.
Solved! Go to Solution.
05-10-2017 04:16 AM - edited 05-10-2017 04:17 AM
Did you changed the default logoff-period? I believe Default is 300 seconds (5 min). For devices like printers or other embedded devices the default logoff-period is too low, because they may 'sleep' for longer periods.
Using a DHCP client can help or setting the logoff timer in the mac-auth config.
Setting the logoff timer:
aaa port-access mac-based <portnumber> logoff-period 99999
In ClearPass I would use the default session-timeout.
05-10-2017 11:12 AM
I`ve tested the logoff-period, i had no issues until yet.Is it best practice to set it on 999999 second, or is a smaler count also ok ? could i get any problems ,when i change this account to such a high value?
Thanks a lot
05-10-2017 12:15 PM
It depends when the printer wakes up. If you sent a printjob to the printer it will wake up. Depending on the frequency of printing this can take a while. Some printers have the ability to schedule a wake up once a day. In those cases the timer can be set to 86400 seconds (24h).
Alternative ways to provision ports can be done with ClearPass Onconnect. It's not based on Radius mac-auth, but uses SNMP to configure the port. Kind off last resort.