ClearPass version 6.9.7, Switch: AOS-CX 6300 version 10.06.0011 with dynamic VLAN segmentation.
We have no problem at the home campus, but we do at the remote site, where traffic is tunneled. There are four types of Mac-Auth devices at the remote site: IP phone, printer, Aruba AP and security camera. CPPM profiled and assigned roles and VLANs to these devices correctly.
There is no problem with the phone, AP, and printer, but all security cameras drop out 5 minutes after getting the correct role and VLAN. These cameras do not come back until the switchport bounces. The Endpoint shows the cache expires in 5 minutes, and the time seems to match the drop.
"show port-access client" does not show these cameras when they drop.
"show mac-address port xxx" does not register the MAC address of the camera.
CPPM Access Tracker shows no reject or any events of the camera trying to re-authenticate.
Event log when the camera connects and gets a VLAN and role:
2022-01-11T15:48:34.985937-06:00 MY-SW port-accessd[3511]: Event|10503|LOG_INFO|MSTR|1|Port 1/1/40 is unblocked by port-access
2022-01-11T15:48:34.972945-06:00 MY-SW ops-switchd[732]: Event|2108|LOG_INFO|MSTR|1|Created Mac based VLAN entry. VLAN 500 is mapped to client e4:30:22:xx:xx:xx on port 1/1/40
2022-01-11T15:48:34.241574-06:00 MY-SW port-accessd[3511]: Event|10502|LOG_INFO|MSTR|1|Port 1/1/40 is blocked by port-access
Event log after 5 minutes:
2022-01-11T15:53:39.347613-06:00 MY-SW ops-switchd[732]: Event|2110|LOG_INFO|MSTR|1|Deleted Mac based VLAN entry for e4:30:22:xx:xx:xx with VLAN 500 on port 1/1/40
2022-01-11T15:53:39.334512-06:00 MY-SW port-accessd[3511]: Event|10502|LOG_INFO|MSTR|1|Port 1/1/40 is blocked by port-access
Endpoint Policy Cache
Ideas? Suggestions?
Thanks,
------------------------------
Trinh Nguyen
------------------------------
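Added example, not part of the original post: a small Python parser for the switch event lines quoted above that pairs each "Created Mac based VLAN entry" event (2108) with the matching "Deleted" event (2110) and measures how long the client held its VLAN, so the 5-minute correlation can be checked across many ports and clients. The function names, the 300-second timer and the 10-second tolerance are assumptions chosen for illustration; the sample input is the post's own log lines.

```python
import re
from datetime import datetime

# Sample input: the event lines quoted in the post, one entry per line.
SAMPLE_LOG = """\
2022-01-11T15:48:34.985937-06:00 MY-SW port-accessd[3511]: Event|10503|LOG_INFO|MSTR|1|Port 1/1/40 is unblocked by port-access
2022-01-11T15:48:34.972945-06:00 MY-SW ops-switchd[732]: Event|2108|LOG_INFO|MSTR|1|Created Mac based VLAN entry. VLAN 500 is mapped to client e4:30:22:xx:xx:xx on port 1/1/40
2022-01-11T15:48:34.241574-06:00 MY-SW port-accessd[3511]: Event|10502|LOG_INFO|MSTR|1|Port 1/1/40 is blocked by port-access
2022-01-11T15:53:39.347613-06:00 MY-SW ops-switchd[732]: Event|2110|LOG_INFO|MSTR|1|Deleted Mac based VLAN entry for e4:30:22:xx:xx:xx with VLAN 500 on port 1/1/40
2022-01-11T15:53:39.334512-06:00 MY-SW port-accessd[3511]: Event|10502|LOG_INFO|MSTR|1|Port 1/1/40 is blocked by port-access
"""

# timestamp, host, process[pid]: Event|id|severity|role|unit|message
LINE = re.compile(r"^(\S+) \S+ \S+: Event\|(\d+)\|[^|]*\|[^|]*\|[^|]*\|(.*)$")
CREATED = re.compile(r"VLAN (\d+) is mapped to client (\S+) on port (\S+)")
DELETED = re.compile(r"entry for (\S+) with VLAN (\d+) on port (\S+)")


def vlan_entry_lifetimes(log_text):
    """Return (mac, port, vlan, seconds) for every create -> delete pair."""
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            events.append((datetime.fromisoformat(m[1]), m[2], m[3]))
    events.sort(key=lambda e: e[0])  # the switch prints newest first

    open_entries, lifetimes = {}, []
    for ts, event_id, msg in events:
        if event_id == "2108" and (c := CREATED.search(msg)):
            open_entries[(c[2], c[3], c[1])] = ts
        elif event_id == "2110" and (d := DELETED.search(msg)):
            key = (d[1], d[3], d[2])
            start = open_entries.pop(key, None)
            if start is not None:  # ignore deletes with no visible create
                lifetimes.append((*key, (ts - start).total_seconds()))
    return lifetimes


def near_timer(lifetimes, timer_s=300, tolerance_s=10):
    """Keep entries whose lifetime is within tolerance of a suspected timer."""
    return [e for e in lifetimes if abs(e[3] - timer_s) <= tolerance_s]


if __name__ == "__main__":
    for mac, port, vlan, secs in near_timer(vlan_entry_lifetimes(SAMPLE_LOG)):
        print(f"{mac} on {port} (VLAN {vlan}) removed after {secs:.1f}s")
```

Running the same functions over the event log of a port with a working phone or printer gives a baseline to compare the cameras against.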