2620 - 802.1x authentication renew every 5 min

    Posted Apr 02, 2013 10:08 AM

    We've got 2 types of switch: 2610 (firmware 11.84) and 2620 (firmware 15.08 or 15.10).

    On the 2620, the user's PC is renewing its authentication every 5 min or multiples (10 min, 15 min). Therefore the session is disconnected (the DHCP is renewed). The situation is occurring on Windows XP SP2 or Windows 7.

    On the 2610 we've got no problem and the configuration is perfectly identical:

     - one VLAN per site if authenticated: 1010, 1011

     - a VLAN for ToIP: 447

     - a VLAN if you are not authenticated: 89

     

     

    Configuration extract:

     

    vlan 1
    name "DEFAULT_VLAN"
    untagged 1-26
    no ip addr
    exit

    vlan 447
    tagged 1-26
    voice
    qos priority 5
    name toip
    exit

    vlan 1002
    name mngt-switch
    ip address 172.27.254.x/24
    tag 25,26
    exit

     

    management-vlan 1002

     

    vlan 1010
    name bat-1
    tag 25,26
    exit
    vlan 1011
    name bat-2
    tag 25,26
    exit

     

    vlan 89
    name noAuth
    tag 25,26
    vlan 89 untagged 1-24
    exit



    ip authorized-managers 172.27.254.0 255.255.255.0

    aaa authentication ssh login radius local
    aaa authentication ssh enable radius local
    aaa authentication login privilege-mode
    aaa authentication port-access eap-radius
    radius-server key xxxxxxxx
    radius-server host 172.27.254.1
    radius-server host 172.27.254.2
    aaa port-access authenticator active
    aaa port-access authenticator 1-24
    aaa port-access authenticator 1-24 client-limit 3
    aaa port-access mac-based 1-24
    aaa port-access mac-based 1-24 addr-limit 3
    aaa port-access mac-based 1-24 logoff-period 86400
    aaa port-access 1-24 mixed
    aaa port-access mac-based 1-24 unauth-vid 89
    include-credentials radius-tacacs-only
    aaa port-access mac-based addr-format multi-colon

     

     

    What is going on? Is it a bug on the switch side?


    #authentication
    #2620
    #802.1x