Comware

 View Only

Phone's address mac learning problem

This thread has been viewed 8 times
  • 1.  Phone's address mac learning problem

    Posted May 29, 2024 10:29 AM

    Hello there,

    I am taking the liberty to writing here because I encountered a problem with my Aruba switch 6200 (ArubaOS-CX10.13). Indeed, I connect an Aastra phone to a port configured in 802.1x and MAC authentication bypass. Therefore the interface doesn't have a vlan configuration because the vlan will be assigned by the NAC . Problem: the MAC address of the phone is not present in the switching table even though it is up (POE is enabled). So the phone can't do an authentication with the NAC (by MAB). If anyone has tip or solution, I am very interested. Thanks.

    Bellow, you will find my configuration:

    radius dyn-authorization enable
    radius-server host 10.100.95.35 key plaintext xxxxxxxxxxxxxxxxxxxxx
    aaa authentication allow-fail-through
    aaa group server radius nacsma01
    server 10.100.95.35
    aaa accounting port-access start-stop group nacsma01
    
    aaa authentication port-access mac-auth enable
    aaa authentication port-access mac-auth radius server-group nacsma01
    
    aaa authentication port-access dot1x authenticator enable
    aaa authentication port-access dot1x authenticator radius server-group nacsma01
    
    int 1/1/10
    no shut
    aaa authentication port-access auth-precedence dot1x mac-auth
    aaa authentication port-access auth-priority dot1x mac-auth  
    aaa authentication port-access dot1x authenticator enable 	
    aaa authentication port-access mac-auth enable
    aaa authentication port-access dot1x authenticator max-eapol-requests 3
    aaa authentication port-access dot1x authenticator max-retries 3
    aaa authentication port-access dot1x authenticator quiet-period 5
    aaa authentication port-access dot1x authenticator discovery-period 5
    aaa authentication port-access auth-mode multi-domain
    aaa authentication port-access client-limit multi-domain 2
    

    And here, you will find my observations:

    Aruba6200# sh mac-address-table int 1/1/10
    No MAC entries found.
    
    Aruba6200# sh int br
    --------------------------------------------------------------------------------------------------------
    Port           Native  Mode   Type           Enabled Status  Reason                  Speed   Description
                   VLAN                                                                  (Mb/s)
    --------------------------------------------------------------------------------------------------------
    
    1/1/10         1       access 1GbT           yes     up                              100     --
    
    Aruba6200# sh events 
    2024-05-27T14:36:45.829772+02:00 Aruba6200 intfd[756]: Event|404|LOG_INFO|UKWN|1|Link status for interface 1/1/10 is down - Administratively down
    2024-05-27T14:36:45.864794+02:00 Aruba6200 port-accessd[4091]: Event|10534|LOG_INFO|CDTR|1|Interface 1/1/10 is unblocked by port-access.
    2024-05-27T14:36:49.936225+02:00 Aruba6200 intfd[756]: Event|403|LOG_INFO|UKWN|1|Link status for interface 1/1/10 is up at 100 Mbps
    2024-05-27T14:36:49.966981+02:00 Aruba6200 hpe-mstpd[3501]: Event|2012|LOG_INFO|CDTR|1|CIST - Topology Change generated on port 1/1/10 going in to forwarding
    2024-05-27T14:36:49.969911+02:00 Aruba6200 port-accessd[4091]: Event|10533|LOG_INFO|CDTR|1|Interface 1/1/10 is blocked by port-access.
    2024-05-27T14:36:50.258640+02:00 Aruba6200 hpe-mstpd[3701]: Event|2012|LOG_INFO|STBY|2|CIST - Topology Change generated on port 1/1/10 going in to forwarding
    

    Best regards,

    HB