We set up wired authentication on Cisco switches based on the recommended config from Aruba Solutions Engine. We are doing machine auth only for 802.1X and MAC auth. Is there any reason to actually have a reauthentication interval configured? If the port status changes, a new authentication will take place and it doesn't matter if someone logs out and logs into the PCs. Not sure we are getting any value in it. Thoughts?
Thanks, Tim. Our 2960X switches only support up to 65535 seconds or roughly 18 hours maximum. I've also found in Cisco's Wired Authentication Guide that they recommend not setting reauthentication on MAB as it could interrupt connectivity and does not actually validate the MAC address of the device, just the MAC learned on the port initially. With all of that information, I think we're going to just disable the reauthentication interval altogether. Wired Authentication is new for us, so we've been able to track devices without the CPPM logs, so I think we'll be OK from that perspective and the troubleshooting is only useful for authentications, which won't be taking place unless the port status changes.
Thanks for your help.