Security

last person joined: 7 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Printer MAC Authentication issue after enabling Port Access on the Switch

This thread has been viewed 22 times

  • 1.  Printer MAC Authentication issue after enabling Port Access on the Switch

    Posted Apr 16, 2018 11:54 AM

    I have added the printer MAC Address in Endpoints.  Once Port Access is enabled on that switch port the printer goes offline.  We have it setup this way for all other printers and they don't have any issues.  If I turn off Port config they printer comes back online.  It's and HP LaserJet M553.  Any suggestions would be appreciated.

     

    Thank you,

     



  • 2.  RE: Printer MAC Authentication issue after enabling Port Access on the Switch

    EMPLOYEE
    Posted Apr 16, 2018 11:58 AM
    What is “port config”?


  • 3.  RE: Printer MAC Authentication issue after enabling Port Access on the Switch

    Posted Apr 16, 2018 12:00 PM

    The Port Access settings on the Switch

     

    no aaa port-access authenticator 25
    no aaa port-access authenticator 25 client-limit
    no aaa port-access mac-based 25
    aaa port-access authenticator 25 supplicant-timeout 30
    aaa port-access authenticator 25 tx-period 30



  • 4.  RE: Printer MAC Authentication issue after enabling Port Access on the Switch

    Posted Apr 16, 2018 01:15 PM
    Are you seeing anything in Access Tracker if the device attempting to authenticate ?

    What type of switch are you using ?
    Pardon typos sent from Mobile


  • 5.  RE: Printer MAC Authentication issue after enabling Port Access on the Switch

    EMPLOYEE
    Posted Apr 17, 2018 03:49 AM

    Is this happening just for this printer?

     

    Some printers have the habit to go into sleep mode after a period of inactivity, to save power. In such a state, the device only responds to arp requests (and other direct traffic) and will wake up again. If you enable mac-authentication on the port during such a sleep period, it will appear that the device drops off until it generates traffic again. 

     

    If you don't see an authentication request after enabling mac-authentication on the port, try disconnecting the cable (or disable port) and reconnect (or enable); as last resort reboot printer and you should see MAC authentication happen.

     

    As when printers go to sleep, the authentication might time out and get disconnected, in the ArubaOS switches version 16.05 a feature called MAC Pinning was introduced to solve this issue by keeping the authentication active till the device starts sending traffic again. Check out: http://community.arubanetworks.com/t5/Campus-Switching-and-Routing/What-are-the-new-AAA-security-features-introduced-in-ArubaOS/td-p/412700



  • 6.  RE: Printer MAC Authentication issue after enabling Port Access on the Switch

    Posted Apr 17, 2018 08:17 AM

    Hi,

    Try to change the logoff timer, it worked for me in a few installations.

    The probleme happens with printers, which go asleep.

    You could set the time for mac and 802.1x

    aaa port-access authenticator 1-48 logoff-period 430000
    aaa port-access mac-based 1-48 logoff-period 3000000