I have an issue with the usage of downloadable user-roles and NTP time sync. Downloadable user-roles are working like a charm, but this happens when the switch returns from a power outage.
I configured two NTP servers with the iburst option for aggressive polling, but the successful time sync happens just after the wired auth. Because the time is off, the user-role cannot be downloaded and the ports get the default denyall user-role. This role doesn't have a reauth period configured.
I 02/12/19 10:04:15 04910 ntp: ST1-CMDR: All the NTP server associations reset.
I 02/12/19 10:04:15 04909 ntp: ST1-CMDR: The NTP Stratum was changed from 16 to 4.
I 02/12/19 10:04:15 04908 ntp: ST1-CMDR: The system clock time was changed by 918810079 sec 463263273 nsec. The new time is Tue Feb 12 10:04:15 2019
I 01/01/90 01:02:55 05747 DFP: ST1-CMDR: device_fingerPrinting: Hardware Rules updated successfully for port:1/1, protocol:80, client:08:00:0F:9D:45:BF
W 01/01/90 01:02:55 05204 dca: ST1-CMDR: Failed to apply user role _VOIP___DUR_-3005-1_7Z4q to macAuth client 08000F9D45BF on port 1/1: user role is invalid.
W 01/01/90 01:02:55 05620 dca: ST1-CMDR: macAuth client 08000F9D45BF on port 1/1 assigned to initial role as downloading failed for user role _VOIP___DUR_-3005-1.
I 01/01/90 01:02:53 04911 ntp: ST1-CMDR: The NTP Server 10.128.10.51 is unreachable.
Since the denyall user-role is read-only, I cannot change the reauthentication period from the user-role.
User Role Information
Name : denyall
Type : predefined
Reauthentication Period (seconds) : 0
Cached Reauth Period (seconds) : 0
Logoff Period (seconds) : 300
Untagged VLAN :
Tagged VLAN :
Captive Portal Profile :
Policy : denyall_104112101032097114117098097032098105108108
Tunnelednode Server Redirect : Disabled
Secondary Role Name :
Device Attributes : Disabled
I am curious if somebody experienced the same issue and how you resolved it.
I "fixed" it via the configuration of a new initial role with a reauth period of 10 seconds. The full configuration can be found here on my personal blog page www.booches.nl.
A software fix for the clock reset on cold boot/power loss issue on the 2930F and 2540 is in the works, and is expected to be released by the end of February.
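To confirm this pattern from a switch event log, the following Python is an added example, not part of the original thread or any Aruba tooling. It walks the log lines quoted in the first post (assumed to be listed newest first) and reports clients that fell back to the initial role before the first large NTP clock step; the function names and the one-hour step threshold are assumptions.

```python
import re
from datetime import datetime

# Event-log lines as quoted in the first post, newest first.
SAMPLE_LOG = """\
I 02/12/19 10:04:15 04910 ntp: ST1-CMDR: All the NTP server associations reset.
I 02/12/19 10:04:15 04909 ntp: ST1-CMDR: The NTP Stratum was changed from 16 to 4.
I 02/12/19 10:04:15 04908 ntp: ST1-CMDR: The system clock time was changed by 918810079 sec 463263273 nsec. The new time is Tue Feb 12 10:04:15 2019
I 01/01/90 01:02:55 05747 DFP: ST1-CMDR: device_fingerPrinting: Hardware Rules updated successfully for port:1/1, protocol:80, client:08:00:0F:9D:45:BF
W 01/01/90 01:02:55 05204 dca: ST1-CMDR: Failed to apply user role _VOIP___DUR_-3005-1_7Z4q to macAuth client 08000F9D45BF on port 1/1: user role is invalid.
W 01/01/90 01:02:55 05620 dca: ST1-CMDR: macAuth client 08000F9D45BF on port 1/1 assigned to initial role as downloading failed for user role _VOIP___DUR_-3005-1.
I 01/01/90 01:02:53 04911 ntp: ST1-CMDR: The NTP Server 10.128.10.51 is unreachable.
"""

LINE_RE = re.compile(r"^[A-Z] (?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) \d+ (?P<sub>\w+): (?P<msg>.*)$")
STEP_RE = re.compile(r"system clock time was changed by (\d+) sec")
FAIL_RE = re.compile(r"(?P<method>\w+) client (?P<mac>[0-9A-Fa-f]{12}) on port (?P<port>\S+) "
                     r"assigned to initial role as downloading failed for user role (?P<role>\S+?)\.?$")
MIN_STEP_SEC = 3600  # assumption: a step this large means the clock was unset after boot


def parse(log_text):
    """Return (timestamp, subsystem, message) tuples in the order the log lists them."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # timestamps are MM/DD/YY, so 01/01/90 is the unset boot clock
            events.append((datetime.strptime(m["ts"], "%m/%d/%y %H:%M:%S"), m["sub"], m["msg"]))
    return events


def presync_role_failures(log_text):
    """Clients left on the initial role before the first large NTP step, plus the step size."""
    pending = []
    for ts, sub, msg in reversed(parse(log_text)):  # oldest first
        step = STEP_RE.search(msg) if sub == "ntp" else None
        if step and int(step.group(1)) >= MIN_STEP_SEC:
            return pending, int(step.group(1))  # failures after this have another cause
        fail = FAIL_RE.search(msg) if sub == "dca" else None
        if fail:
            pending.append({"logged_at": ts, **fail.groupdict()})
    return [], None  # no clock step seen: failures are not attributable to time sync


if __name__ == "__main__":
    clients, step = presync_role_failures(SAMPLE_LOG)
    for c in clients:
        print(f"port {c['port']} client {c['mac']} stuck before {step}s clock step ({c['role']})")
```

Ports reported this way are the ones that need a reauthentication trigger once the clock is correct, which is what the short reauth period on a custom initial role provides.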