
Downloadable User-Role and NTP sync

  • 1.  Downloadable User-Role and NTP sync

    Posted Feb 12, 2019 05:00 AM

    I have an issue with the usage of downloadable user-roles and NTP time sync. Downloadable user-roles are working like a charm, but this happens when the switch returns from a power outage.


    I configured two NTP servers with the iburst option for aggressive polling, but the successful time sync happens just after the wired auth. Because the time is off, the user-role cannot be downloaded and the ports get the default denyall user-role. This role doesn't have a reauth period configured.


    I 02/12/19 10:04:15 04910 ntp: ST1-CMDR: All the NTP server associations reset.
    I 02/12/19 10:04:15 04909 ntp: ST1-CMDR: The NTP Stratum was changed from 16 to 4.
    I 02/12/19 10:04:15 04908 ntp: ST1-CMDR: The system clock time was changed by  918810079 sec 463263273 nsec. The new time is Tue Feb 12 10:04:15 2019
    I 01/01/90 01:02:55 05747 DFP: ST1-CMDR: device_fingerPrinting: Hardware Rules updated successfully for port:1/1, protocol:80, client:08:00:0F:9D:45:BF
    W 01/01/90 01:02:55 05204 dca: ST1-CMDR: Failed to apply user role _VOIP___DUR_-3005-1_7Z4q to macAuth client 08000F9D45BF on port 1/1: user role is invalid.
    W 01/01/90 01:02:55 05620 dca: ST1-CMDR: macAuth client 08000F9D45BF on port 1/1 assigned to initial role as downloading failed for user role  _VOIP___DUR_-3005-1.
    I 01/01/90 01:02:53 04911 ntp: ST1-CMDR: The NTP Server is unreachable.

    Since the denyall user-role is read-only, I cannot change the reauthentication period from the user-role.


     User Role Information
       Name                              : denyall
       Type                              : predefined
       Reauthentication Period (seconds) : 0
       Cached Reauth Period (seconds)    : 0
       Logoff Period (seconds)           : 300
       Untagged VLAN                     : 
       Tagged VLAN                       : 
       Captive Portal Profile            : 
       Policy                            : denyall_104112101032097114117098097032098105108108
       Tunnelednode Server Redirect      : Disabled
       Secondary Role Name               : 
       Device Attributes                 : Disabled

    I am curious if somebody experienced the same issue and how you resolved it.


    I "fixed" it via the configuration of a new initial role with a reauth period of 10 seconds. The full configuration can be found on my personal blog page, www.booches.nl.
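
The log excerpt in the post above can be checked mechanically. This is an added example, not part of the original post and not Aruba code: it parses the posted log lines and lists the clients whose user-role download failed while the switch clock was still unsynchronised. The line format and the meaning of the event IDs are assumptions taken from the excerpt only.

```python
import re
from datetime import datetime

# Log lines copied from the post above (newest first, as the switch prints them).
SAMPLE_LOG = """\
I 02/12/19 10:04:15 04910 ntp: ST1-CMDR: All the NTP server associations reset.
I 02/12/19 10:04:15 04909 ntp: ST1-CMDR: The NTP Stratum was changed from 16 to 4.
I 02/12/19 10:04:15 04908 ntp: ST1-CMDR: The system clock time was changed by  918810079 sec 463263273 nsec. The new time is Tue Feb 12 10:04:15 2019
I 01/01/90 01:02:55 05747 DFP: ST1-CMDR: device_fingerPrinting: Hardware Rules updated successfully for port:1/1, protocol:80, client:08:00:0F:9D:45:BF
W 01/01/90 01:02:55 05204 dca: ST1-CMDR: Failed to apply user role _VOIP___DUR_-3005-1_7Z4q to macAuth client 08000F9D45BF on port 1/1: user role is invalid.
W 01/01/90 01:02:55 05620 dca: ST1-CMDR: macAuth client 08000F9D45BF on port 1/1 assigned to initial role as downloading failed for user role  _VOIP___DUR_-3005-1.
I 01/01/90 01:02:53 04911 ntp: ST1-CMDR: The NTP Server is unreachable.
"""

# Assumed layout: severity, date, time, event id, subsystem, stack member, message.
LINE_RE = re.compile(
    r"^(?P<sev>[A-Z]) (?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (?P<id>\d{5}) "
    r"(?P<sub>\w+): (?P<member>[\w-]+): (?P<msg>.*)$")
CLIENT_RE = re.compile(r"client (?P<mac>[0-9A-Fa-f]{12}) on port (?P<port>\S+?)[ :]")
# Event IDs as they appear in the excerpt: 05204/05620 report the failed role,
# 04908 reports the clock step that marks the first successful NTP sync.
ROLE_FAIL_IDS = {"05204", "05620"}
CLOCK_STEP_ID = "04908"

def parse(log_text):
    """Yield one dict per recognised log line, with 'ts' as a datetime."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%y %H:%M:%S")
            yield ev

def clients_failed_before_sync(log_text):
    """Return sorted (port, mac) pairs whose role failed before the first clock step."""
    events = list(parse(log_text))
    steps = [e["ts"] for e in events if e["id"] == CLOCK_STEP_ID]
    if not steps:
        return []  # no sync seen, so no reference point to compare against
    first_sync = min(steps)
    stuck = set()
    for e in events:
        if e["id"] in ROLE_FAIL_IDS and e["ts"] < first_sync:
            c = CLIENT_RE.search(e["msg"])
            if c:
                stuck.add((c["port"], c["mac"].upper()))
    return sorted(stuck)
```

Clients returned by `clients_failed_before_sync` are candidates for re-authentication once the clock is correct.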


  • 2.  RE: Downloadable User-Role and NTP sync

    Posted Feb 12, 2019 05:16 PM



    A software fix for the clock reset on cold boot/power loss issue on the 2930F and 2540 is in the works, and is expected to be released by the end of February.