Wired Intelligent Edge


MAC Authentication reauth period is different from configured value

  • 1.  MAC Authentication reauth period is different from configured value

    Posted 2 hours ago

    Hi all,

    I am configuring wired NAC on the CX-6200 switch on firmware 10.13.1010. ClearPass authenticates the device through device profile and returns a LUR back to the switch. There's a corresponding role on the switch with reauth-period set to 43200 sec (12 hr). The configuration for the role is shown below:

    port-access role SH-Device
        description Role for SH devices (e.g. Printer)
        associate policy Allow-all
        auth-mode client-mode
        trust-mode none
        reauth-period 43200
        vlan access 13

    #
    The port is configured as shown below:

    interface 1/1/25
        no shutdown
        no routing
        vlan access 3999
        port-access onboarding-method precedence device-profile aaa
        aaa authentication port-access allow-cdp-bpdu
        aaa authentication port-access allow-lldp-bpdu
        aaa authentication port-access client-limit multi-domain 2
        aaa authentication port-access client-limit 2
        aaa authentication port-access critical-role No-NAC
        aaa authentication port-access dot1x authenticator
            max-eapol-requests 1
            max-retries 1
            reauth
            enable
        aaa authentication port-access mac-auth
            reauth
            enable
        client track ip enable
        exit

    The authentication is working and the device is placed into the correct VLAN. The issue is that the device reauthenticates every 10 minutes. I even added reauth-period 43200 under mac-auth on the port itself, but the result is still the same.

    Appreciate any advice.

    Thanks.