What happens between 4:04p and 4:07p when CPPM sees the mac auth?
It could be that the first DHCP discover attempt is the frame that triggers mac-auth. Potentially the printer waits 3 minutes between sending discovers (4:04 to 4:07, 4:07 to 4:10, etc). That doesn't explain the delay between 4:10 and 4:13 after the address has been successfully renewed, but could provide some insight into how robust the printer's network stack is.
With mac-auth, the device (the printer in this case) does not know that it is being authenticated. If the device has a slow retry rate, there can be delays like this.
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------
Original Message:
Sent: Jan 10, 2022 06:51 PM
From: Luis Perez
Subject: CPPM mac-auth delaying Ricoh printer picking up DHCP address
Issue: Ricoh Printer in HQ taking around ~+7mins to pick up DHCP address when using CPPM mac-auth when rebooted...but when aaa port-access mac-auth is bypassed for that printer's switchport on the Aruba switch...the printer reboots and picks up DHCP very quickly within 1 minute.
I already opened a case with Aruba TAC but they cannot find anything helpful so far....
20220110 Rebooted printer
>4:04PM Printer was powered off and then back on "comes back up almost within a minute"
>4:07pm CPPM access tracker picked up printer's mac-auth and ACCEPTED
>4:10pm the printer's DHCP reservation address of 10.130.124.13 showed up on DHCP server log as Client renewed lease (twice)
>4:13pm Printer picked up DHCP "printer became ping-able in the network"
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
The printer downloads a CPPM printer policy with reauth period of 3600
Here is the switchport's aaa port-access config
Has anyone seen this kind of issue before and what could be the fix?
I've tried putting in the sticky-mac to see if that helps and to no avail so far....
Looking into perhaps increasing the reauth to 86400 from 3600 to see if that helps.
Also CCPM Access tracker picks up the mac-auth and accepts it just fine.
Thank you for any tips, hints or tricks!!
------------------------------
Luis Perez
------------------------------