Wired Intelligent Edge

last person joined: 5 hours ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

port-access clients disappearing on CX 6100

This thread has been viewed 28 times
  • 1.  port-access clients disappearing on CX 6100

    Posted 16 days ago
    I'm waiting on a call back from TAC, and was hoping the community might have some information. We have two CX 6100 switches both running 10.06.0140. We've seen this problem on other 10.06 releases as well.

    The issue is, that after a period of time, some port access clients (mac auth is where we've seen this so far) disappear from the switch. By that I mean that the command show port-access clients no longer shows them at all and we stop receiving any requests through clearpass. Rebooting the client doesn't help, nor does bouncing the port. Rebooting the switch does help.

    It can happen with a variety of clients and ports (all ports configured the same way) but the one we're seeing right now is on port 15, and the config on that is:

    interface 1/1/15

        no shutdown

        vlan access 1

        loop-protect

        loop-protect action tx-rx-disable

        aaa authentication port-access client-limit 32

        aaa authentication port-access dot1x authenticator

            eapol-timeout 2

            max-eapol-requests 3

            reauth

            enable

        aaa authentication port-access mac-auth

            reauth

            enable

        client track ip enable

    client track ip update-interval 60


    There's nothing regarding that port in the logs that I can see. 

    Any ideas? 



    ------------------------------
    Jordan Desroches
    ------------------------------


  • 2.  RE: port-access clients disappearing on CX 6100

    Posted 12 days ago

    Is there any traffic from mac-auth client reaching CX 6100? Can you please check below show command outputs?



    –show mac-address-table detail

    –show lldp neighbor-info

    –show cdp neighbor-info

    –show port-access clients detail

    –show aaa authentication port-access dot1x authenticator interface all client-status

    –show aaa authentication port-access mac-auth interface all client-status
    –show radius-server detail

    –show aaa authentication port-access interface all client-status



    ------------------------------
    Yash NN
    ------------------------------



  • 3.  RE: port-access clients disappearing on CX 6100

    Posted 4 days ago
    Hello,

    what did TAC say?

    had any evolution?

    we have the same problem here.

    hugs


    ------------------------------
    Paulo Kirchesch
    ------------------------------



  • 4.  RE: port-access clients disappearing on CX 6100

    Posted 2 days ago
    Hi all, yesterday Aruba released the ArubaOS-CX 10.06.0150 software build, specifically the Release Notes document about Aruba CX 6100 is available here.

    Maybe this new build could be tried to see if it solves/mitigates the reported issue.

    ------------------------------
    Davide Poletto
    ------------------------------



  • 5.  RE: port-access clients disappearing on CX 6100

    Posted 2 days ago
    Working with TAC we haven't gotten to the bottom of it yet. We've brought the systems up to 10.06.0140 (didn't help), and tried client-inactivity timeout none on the roles to try to help with quiet clients. We're still waiting to see if the client-inactivity timeout helps. We only have a few clients on the 6100 series, so some time can go by before we notice the issue. I'll bump the code version up to 10.06.0150 as it has several notes about authentication fixes.

    ------------------------------
    Jordan Desroches
    ------------------------------