Security

 View Only
last person joined: 3 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

CPPM mac-auth delaying Ricoh printer picking up DHCP address

This thread has been viewed 19 times
  • 1.  CPPM mac-auth delaying Ricoh printer picking up DHCP address

    Posted Jan 11, 2022 10:09 AM
      |   view attached

    Issue: Ricoh Printer in HQ taking around ~+7mins to pick up DHCP address when using CPPM mac-auth when rebooted...but when aaa port-access mac-auth is bypassed for that printer's switchport on the Aruba switch...the printer reboots and picks up DHCP very quickly within 1 minute.

    I already opened a case with Aruba TAC but they cannot find anything helpful so far....

    20220110 Rebooted printer

    >4:04PM Printer was powered off and then back on   "comes back up almost within a minute"

    >4:07pm CPPM access tracker picked up printer's mac-auth and ACCEPTED

    >4:10pm the printer's DHCP reservation address of 10.130.124.13 showed up on DHCP server log as Client renewed lease (twice)

    >4:13pm Printer picked up DHCP "printer became ping-able in the network"

    ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    The printer downloads a CPPM printer policy with reauth period of 3600
    Here is the switchport's aaa port-access config


    Has anyone seen this kind of issue before and what could be the fix?

    I've tried putting in the sticky-mac to see if that helps and to no avail so far....
    Looking into perhaps increasing the reauth to 86400 from 3600 to see if that helps.

    Also CCPM Access tracker picks up the mac-auth and accepts it just fine.

    Thank you for any tips, hints or tricks!!



    ------------------------------
    Luis Perez
    ------------------------------

    Attachment(s)



  • 2.  RE: CPPM mac-auth delaying Ricoh printer picking up DHCP address

    EMPLOYEE
    Posted Jan 11, 2022 11:38 AM
    What happens between 4:04p and 4:07p when CPPM sees the mac auth?

    It could be that the first DHCP discover attempt is the frame that triggers mac-auth. Potentially the printer waits 3 minutes between sending discovers (4:04 to 4:07, 4:07 to 4:10, etc). That doesn't explain the delay between 4:10 and 4:13 after the address has been successfully renewed, but could provide some insight into how robust the printer's network stack is.

    With mac-auth, the device (the printer in this case) does not know that it is being authenticated. If the device has a slow retry rate, there can be delays like this.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 3.  RE: CPPM mac-auth delaying Ricoh printer picking up DHCP address

    Posted Jan 12, 2022 08:27 AM
    thank you for your feedback @cclemmer!!​

    ------------------------------
    Luis Perez
    ------------------------------



  • 4.  RE: CPPM mac-auth delaying Ricoh printer picking up DHCP address

    Posted Jan 12, 2022 04:28 AM
    Hello,

    I don't know what type of Ricoh printer you have but with some models the printer has to boot not only his own firmware but also a android os and that could be tricky. We have several Ricoh printers and  sometime they have to boot 2 or 3 times to get an correct ip-adres through DHCP.
    Newer Models however don't seem to have this issue

    ------------------------------
    Peter Van Rietvelde
    ------------------------------