Wired Intelligent Edge

• Local Roles created on switches to push clients into correct Vlan
• Clearpass mac authenticates the client and pushes down the role.
• Device appears online and in correct Vlan and is reachable.
• After a period the device drops off the Lan Mac address disappears from mac table and no longer reachable
• Port appears back in default Vlan 4000 in this case with l2 access only.

We extended the client inactivity timeout that looks like a default of 3 minutes to 1 hour and we thought that had solved the issue with little to no traffic on the IOT device.
But now CCTV camera's, NVR and Door controller systems all seeing the same issue.

Thanks

------------------------------
Paul Reddy
------------------------------

In AOS-10.7 we added a new feature for port-security stick MAC that could help you.
check it out, it is in the security guide.

alternative is to increase the client-inactivity timeout value.


------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------

Original Message:
Sent: Jul 01, 2021 11:56 AM
From: Paul Reddy
Subject: Role based access on 6300 CX switch Clients not staying online

• Local Roles created on switches to push clients into correct Vlan
• Clearpass mac authenticates the client and pushes down the role.
• Device appears online and in correct Vlan and is reachable.
• After a period the device drops off the Lan Mac address disappears from mac table and no longer reachable
• Port appears back in default Vlan 4000 in this case with l2 access only.

We extended the client inactivity timeout that looks like a default of 3 minutes to 1 hour and we thought that had solved the issue with little to no traffic on the IOT device.
But now CCTV camera's, NVR and Door controller systems all seeing the same issue.

Thanks

------------------------------
Paul Reddy
------------------------------