mac auth and printers not working

  • 1.  mac auth and printers not working

    Posted 2 days ago

    Hello,

    I have to manage some printers with MAC authentication and ClearPass.
    They are working fine with Aruba CX series switches.

    My problem is with 25XX series switches (ex-ProCurve).
    I have read docs and discussions, but I'm unable to resolve an issue with some printers.

    The switch is configured with a fake VLAN; after MAC auth passes, the port is placed in a printers VLAN and works fine for some time (about 5 min).

    After this time the printers aren't reachable anymore, and I need to unplug or reboot the device.

    I tried some configurations and advice found in posts, but nothing seems to work for me.

    aaa port-access mac-based 3 logoff-period 999999          doesn't work

    The last configuration I tried is:

    interface 6
     
       untagged vlan 50
       aaa port-access mac-based
       aaa port-access mac-based mac-pin
       aaa port-access mac-based reauth-period 120
       spanning-tree admin-edge-port
       spanning-tree point-to-point-mac false
       exit



    This is also not working.

    Please, does someone know what works?

    Do you have any working conf?

    thanks



    ------------------------------
    carabina5
    ------------------------------


  • 2.  RE: mac auth and printers not working

    Posted 2 days ago

    Have you checked the port-access status detail after the client is authenticated and when the device becomes unreachable?

    And does the switch log show something about ports going down or de-authenticated?



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: mac auth and printers not working

    Posted 23 hours ago

    Hi Herman,

    I rebuilt the port configuration: I deleted all aaa commands for the port, then restarted with new commands:

     
    aaa port-access authenticator 3
    aaa port-access authenticator 3 client-limit 1
    aaa port-access mac-based 3
    aaa port-access mac-based 3 mac-pin
    int 3 
    unt vlan 999
     

    The interface is 3, and VLAN 999 is the fake VLAN. Once connected, the printers should have VLAN 12.

    I disabled the port and enabled it after 10 seconds.

    The printer was then working and answered ping.

    ====================================================================================

    show vlans 12
     
     Status and Counters - VLAN Information - VLAN 12
     
      VLAN ID : 12
      Name : Clients
      Status : Port-based
      Voice : No
      Jumbo : No
     
      Port Information Mode     Unknown VLAN Status
      ---------------- -------- ------------ ----------
      3                Untagged Learn        Up
      5                802.1x   Learn        Up
      6                802.1x   Learn        Up
      12               802.1x   Learn        Up
      13               MACAUTH  Learn        Up
      18               MACAUTH  Learn        Up
      23               802.1x   Learn        Up
      26               802.1x   Learn        Up
      37               Tagged   Learn        Up
      38               Tagged   Learn        Up
      39               Tagged   Learn        Up
      40               Tagged   Learn        Up
      41               802.1x   Learn        Up
      47               Tagged   Learn        Down
      49               Tagged   Learn        Down
      50               Tagged   Learn        Down
      51               Tagged   Learn        Up
      52               Tagged   Learn        Up
     
      Overridden Port VLAN configuration
     
      Port  Mode
      ----- ------------
      5     No
      6     No
      12    No
      13    No
      18    No
      23    No
      26    No
      41    No
      
    ==================================================================================================
    show interfaces 3
     
     Status and Counters - Port Counters for port 3
     
      Name  :  3071 - 
      MAC Address      : 08f1
      Link Status      : Up
      Port Enabled     : Yes
      Totals (Since boot or last clear) :
       Bytes Rx        : 227,470,949          Bytes Tx        : 1,679,040,614
       Unicast Rx      : 1,010,544            Unicast Tx      : 1,829,231
       Bcast/Mcast Rx  : 4,513                Bcast/Mcast Tx  : 7,406,170
      Errors (Since boot or last clear) :
       FCS Rx          : 0                    Drops Tx        : 1,861,328
       Alignment Rx    : 0                    Collisions Tx   : 0
       Runts Rx        : 0                    Late Colln Tx   : 0
       Giants Rx       : 0                    Excessive Colln : 0
       Total Rx Errors : 0                    Deferred Tx     : 0
      Others (Since boot or last clear) :
       Discard Rx      : 0                    Out Queue Len   : 0
       Unknown Protos  : 0
      Rates (5 minute weighted average) :
       Total Rx (bps) : 3,768                 Total Tx (bps) : 19,992
       Unicast Rx (Pkts/sec) : 4              Unicast Tx (Pkts/sec) : 5
       B/Mcast Rx (Pkts/sec) : 0              B/Mcast Tx (Pkts/sec) : 5
       Utilization Rx  :     0 %              Utilization Tx  : 00.01 %
       
       ===========================================================================================
    show port-access clients
     
     Port Access Client Status
     
      Port  Client Name   MAC Address       IP Address      User Role         Type  VLAN
      ----- ------------- ----------------- --------------- ----------------- ----- -------------------------------------------------------
      3                   mac 3     n/a                               8021X 12
      3     mac3     n/a                               MAC   12
      5     host     n/a                               8021X 12
      6     host/     n/a                               8021X 12
      7     001a     n/a                               MAC   10
      12    host     n/a                               8021X 12
      13    00d0    n/a                               MAC   12
      18    80e82     n/a                               MAC   12
      19    001a     n/a                               MAC   10
      23    host/3     n/a                               8021X 12
      25    001a     n/a                               MAC   10
      26    host/     n/a                               8021X 12
      27    001ae     n/a                               MAC   10
      28    001a     n/a                               MAC   10
      30    001a     n/a                               MAC   10
      33    001     n/a                               MAC   10
      34    000b8c     n/a                               MAC   10
      41    host/     n/a                               8021X 12
      42    001a0     n/a                               MAC   10
      43    001ae     n/a                               MAC   10
      44    e45f01c     n/a                               MAC   18
      
    After a short time, 802.1X disappears from port 3.
      ========================================================================================
    show port-access mac-based clients
     
     Port Access MAC-Based Client Status
     
      Port  MAC Address       IP Address                       Mode Client Status
      ----- ----------------- -------------------------------- ---- --------------------
      3     mac3     n/a                              User authenticated
      7     001a    n/a                              User authenticated
      13    00df     n/a                              User authenticated
      18    80e     n/a                              User authenticated
      19    001     n/a                              User authenticated
      25    001     n/a                              User authenticated
      27    001a     n/a                              User authenticated
      28    001     n/a                              User authenticated
      30    001     n/a                              User authenticated
      33    001a     n/a                              User authenticated
      34    000    n/a                              User authenticated
      42    001a     n/a                              User authenticated
      43    001     n/a                              User authenticated
      44    e45     n/a                              User authenticated
    =============================================================================================================================
    The customer was checking the printer from time to time. After some hours the customer said the printer was unreachable again.
    show time
    Fri Jul 26 13:34:08 2024
    ntp is in sync
    show interfaces brief
     
     Status and Counters - Port Status
     
                              | Intrusion                           MDI  Flow Bcast
      Port         Type       | Alert     Enabled Status Mode       Mode Ctrl Limit
      ------------ ---------- + --------- ------- ------ ---------- ---- ---- -----
      1            100/1000T  | No        Yes     Down   1000FDx    Auto off  0
      2            100/1000T  | No        Yes     Down   1000FDx    Auto off  0
      3            100/1000T  | No        Yes     Up     100FDx     MDIX off  0
      4            100/1000T  | No        Yes     Down   1000FDx    NA   off  0
      5            100/1000T  | No        Yes     Up     1000FDx    MDIX off  0
      6            100/1000T  | No        Yes     Up     10FDx      MDI  off  0
      7            100/1000T  | No        Yes     Up     100FDx     MDIX off  0
      8            100/1000T  | No        Yes     Down   1000FDx    Auto off  0
    ===========================================================================
    show vlans 12
     
     Status and Counters - VLAN Information - VLAN 12
     
      VLAN ID : 12
      Name : Clients
      Status : Port-based
      Voice : No
      Jumbo : No
     
      Port Information Mode     Unknown VLAN Status
      ---------------- -------- ------------ ----------
      5                802.1x   Learn        Up
      12               802.1x   Learn        Up
      13               MACAUTH  Learn        Up
      18               MACAUTH  Learn        Up
      Overridden Port VLAN configuration
     
      Port  Mode
      ----- ------------
      5     No
      12    No
      13    No
    not assigned to port 3
    ==============================================
    show interfaces 3
     
     Status and Counters - Port Counters for port 3
     
      Name  :  3071 -
      MAC Address      : 08f
      Link Status      : Up
      Port Enabled     : Yes
      Totals (Since boot or last clear) :
       Bytes Rx        : 230,544,170          Bytes Tx        : 1,694,811,906
       Unicast Rx      : 1,027,525            Unicast Tx      : 1,845,838
       Bcast/Mcast Rx  : 4,674                Bcast/Mcast Tx  : 7,475,156
      Errors (Since boot or last clear) :
       FCS Rx          : 0                    Drops Tx        : 1,861,328
       Alignment Rx    : 0                    Collisions Tx   : 0
       Runts Rx        : 0                    Late Colln Tx   : 0
       Giants Rx       : 0                    Excessive Colln : 0
       Total Rx Errors : 0                    Deferred Tx     : 0
      Others (Since boot or last clear) :
       Discard Rx      : 0                    Out Queue Len   : 0
       Unknown Protos  : 0
      Rates (5 minute weighted average) :
       Total Rx (bps) : 0                     Total Tx (bps) : 0
       Unicast Rx (Pkts/sec) : 0              Unicast Tx (Pkts/sec) : 0
       B/Mcast Rx (Pkts/sec) : 0              B/Mcast Tx (Pkts/sec) : 0
       Utilization Rx  :     0 %              Utilization Tx  :     0 %

    =============================================================================

    show port-access clients
     
     Port Access Client Status
     
      Port  Client Name   MAC Address       IP Address      User Role         Type  VLAN
      ----- ------------- ----------------- --------------- ----------------- ----- -------------------------------------------------------
      5     host/     n/a                               8021X 12
      7     001a     n/a                               MAC   10
      12    host     n/a                               8021X 12
      13    00d     n/a                               MAC   12
      18    80e     n/a                               MAC   12
      19    001a     n/a                               MAC   10
      23    host/     n/a                               8021X 12

    port 3 is missing

    =============================================================================

    show port-access mac-based clients
     
     Port Access MAC-Based Client Status
     
      Port  MAC Address       IP Address                       Mode Client Status
      ----- ----------------- -------------------------------- ---- --------------------
      7     001a     n/a                              User authenticated
      13    00d     n/a                              User authenticated
      18    80e     n/a                              User authenticated
      19    0018     n/a                              User authenticated
      25    001     n/a                              User authenticated

    ==========================================================================================

    show port-access 3 clients
     
     Port Access Client Status
     
      Port  Client Name   MAC Address       IP Address      User Role         Type  VLAN
      ----- ------------- ----------------- --------------- ----------------- ----- -------------------------------------------------------
     
    # show running-config interface 3
     
    Running configuration:
     
    interface 3
        untagged vlan 999
       aaa port-access authenticator
       aaa port-access authenticator client-limit 1
       aaa port-access mac-based
       aaa port-access mac-based mac-pin
       spanning-tree admin-edge-port
       spanning-tree point-to-point-mac false
       exit

    =================================================================================================================

     
    Aruba-2540-48G-PoEP-4SFPP-BZ31# show logging -r | incl "port 3"
    I 07/26/24 13:28:08 00076 ports: port 36 is now on-line
    I 07/26/24 13:28:08 00435 ports: port 36 is Blocked by STP
    I 07/26/24 13:28:08 00435 ports: port 36 is Blocked by AAA
    I 07/26/24 13:27:47 00077 ports: port 36 is now off-line
    I 07/26/24 13:27:47 00435 ports: port 36 is Blocked by AAA
    I 07/26/24 13:27:25 00077 ports: port 36 is now off-line
    I 07/26/24 13:09:23 00435 ports: port 3 is Blocked by AAA
    I 07/26/24 13:09:22 00077 ports: port 3 is now off-line
    I 07/26/24 13:09:21 00435 ports: port 3 is Blocked by AAA
    I 07/26/24 13:09:19 00077 ports: port 3 is now off-line
    I 07/26/24 11:49:20 00076 ports: port 3 is now on-line
    I 07/26/24 11:49:20 00435 ports: port 3 is Blocked by STP
    I 07/26/24 11:49:00 00435 ports: port 3 is Blocked by AAA
    I 07/26/24 11:48:59 00077 ports: port 3 is now off-line
    I 07/26/24 11:47:00 00076 ports: port 3 is now on-line
    I 07/26/24 11:47:00 00435 ports: port 3 is Blocked by STP
    I 07/26/24 11:46:50 00435 ports: port 3 is Blocked by AAA
    I 07/26/24 11:46:35 00077 ports: port 3 is now off-line
    I 07/26/24 11:44:38 00076 ports: port 3 is now on-line
    I 07/26/24 11:44:38 00435 ports: port 3 is Blocked by STP
    I 07/26/24 11:44:02 00435 ports: port 3 is Blocked by AAA
    I 07/26/24 11:43:57 00077 ports: port 3 is now off-line
    I 07/26/24 11:42:17 00076 ports: port 3 is now on-line
    I 07/26/24 11:42:17 00435 ports: port 3 is Blocked by STP
    I 07/26/24 11:42:08 00435 ports: port 3 is Blocked by AAA
    I 07/26/24 11:42:06 00077 ports: port 3 is now off-line
    I 07/26/24 11:42:06 00435 ports: port 3 is Blocked by AAA
    I 07/26/24 11:42:04 00077 ports: port 3 is now off-line
    I 07/26/24 11:42:04 00435 ports: port 3 is Blocked by AAA
    I 07/26/24 11:42:03 00077 ports: port 3 is now off-line
    I 07/26/24 11:38:54 00076 ports: port 3 is now on-line
    I 07/26/24 11:38:54 00435 ports: port 3 is Blocked by STP
    I 07/26/24 11:38:53 00435 ports: port 3 is Blocked by AAA
    I 07/26/24 11:38:42 00077 ports: port 3 is now off-line
    I 07/26/24 11:37:32 05385 auth: mac-pinning is enabled on port 3 for mac-based
    I 07/26/24 11:36:38 00435 ports: port 3 is Blocked by AAA
    I 07/26/24 11:30:51 05385 auth: mac-pinning is disabled on port 3 for mac-based

    These are the logs for port 3 since I disabled and enabled aaa auth.

    ============================================================================

    Another printer model is working fine, but we have more like this one.

    Thanks



    ------------------------------
    carabina5
    ------------------------------