Security

Reply
New Contributor

ShoreTel Phones and MAC-Auth Service Policy

Scenario: ClearPass 6.7

Switches: Cisco 3650 (3.0.6.06E) and Brocade FCX648S (8.0.30n) 

We have a implemented a mac-auth service policy for Shoretel phones. The enforcement profile on this service assigns a RADIUS IETF Session Timeout value of 28800 (8 hours). On a Brocade switch in our lab using the same CP servers, the phones re-auth every 8 hours, as expected. However on a production switch with identical configuration the phones re-auth randomly, e.g. 1 hour, 45 minutes, 20 minutes, etc. We've not experienced this issue on Cisco switches. We've opened a case with HPE support and they are pointing to the switch as the issue. However, we've yet to identify the problem. Just curious if anyone else has experienced similar issues and found a resolution?

Contributor II

Re: ShoreTel Phones and MAC-Auth Service Policy

I don't have experience with Brocade switches. Can you share some output from the switch? Some other vendors always show the expected re-auth intervall for the client (show dot1x user | show aaa ... or similar?).


Sven - AMFX #35
New Contributor

Re: ShoreTel Phones and MAC-Auth Service Policy

Unfortunately the Brocade, at least as far as I have found, has no command that will display the re-auth interval. I have verfied that CP is sending it but have no way of seeing that the switch is actually utilizing it. Thanks for your response.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: