Hello,
it's been a time before i had time to really look into this problem. i found the following issue.
For my explanation, i will use port 29.
Port 29 has the following config:
interface 29
untagged vlan 16
aaa port-access authenticator
aaa port-access authenticator server-timeout 30
aaa port-access authenticator reauth-period 86400
aaa port-access authenticator client-limit 10
aaa port-access authenticator cached-reauth-period 86400
aaa port-access mac-based
aaa port-access mac-based addr-limit 32
aaa port-access mac-based addr-moves
aaa port-access mac-based reauth-period 86400
aaa port-access mac-based cached-reauth-period 86400
spanning-tree admin-edge-port
spanning-tree bpdu-protection
loop-protect
exit
port 29 is connected with a unmanaged HP 1420-8G switch that stands on a desk.
when i connect one laptop, its 802.1x authenticated. when i add a phone, its mac authenticated and if a add another laptop, all goes well.
When i disable port 29 and re-enable it, all goes well.
When i power off the switch (the HP1420) and power it on, then all goes wrong. The laptop gets placed in a VLAN for mac-authenticated devices, but the laptop also successfully authenticates the 802.1x authentication, but never gets placed in that VLAN. After 30 seconds, the laptop retries to authenticate with 802.1x and succeeds, but still stays in the mac-authenticated VLAN.
the re-authenticate is forced by the following command:
aaa port-access authenticator 29 tx-period 30
if i put this to 100, then the 802.1x authentication happens every 100 seconds.
Extra info:
802.1x authentication places the laptop in VLAN 16 with a IP range specific for that range.
MAC authentication places the laptop in VLAN 24 with a IP range specific for that range.
throughout the test i was able to ping the laptop on the IP that is used for mac-authentication. The ping timed-out once when a re-authenticate happens.
The switch has a latency of 120 with the ClearPass radius server.
i've got no idea whats wrong with this configuration and every help is much appreciated.