Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Printer MAC Authentication issue after enabling Port Access on the Switch

This thread has been viewed 30 times
  Thread closed by the administrator, not accepting new replies.
  • 1.  Printer MAC Authentication issue after enabling Port Access on the Switch

    Posted Apr 16, 2018 11:54 AM
    No replies, thread closed.

    I have added the printer MAC Address in Endpoints.  Once Port Access is enabled on that switch port the printer goes offline.  We have it setup this way for all other printers and they don't have any issues.  If I turn off Port config they printer comes back online.  It's and HP LaserJet M553.  Any suggestions would be appreciated.

     

    Thank you,

     



  • 2.  RE: Printer MAC Authentication issue after enabling Port Access on the Switch

    EMPLOYEE
    Posted Apr 16, 2018 11:58 AM
    No replies, thread closed.
    What is “port config”?


  • 3.  RE: Printer MAC Authentication issue after enabling Port Access on the Switch

    Posted Apr 16, 2018 12:00 PM
    No replies, thread closed.

    The Port Access settings on the Switch

     

    no aaa port-access authenticator 25
    no aaa port-access authenticator 25 client-limit
    no aaa port-access mac-based 25
    aaa port-access authenticator 25 supplicant-timeout 30
    aaa port-access authenticator 25 tx-period 30



  • 4.  RE: Printer MAC Authentication issue after enabling Port Access on the Switch

    Posted Apr 16, 2018 01:15 PM
    No replies, thread closed.
    Are you seeing anything in Access Tracker if the device attempting to authenticate ?

    What type of switch are you using ?
    Pardon typos sent from Mobile


  • 5.  RE: Printer MAC Authentication issue after enabling Port Access on the Switch

    EMPLOYEE
    Posted Apr 17, 2018 03:49 AM
    No replies, thread closed.

    Is this happening just for this printer?

     

    Some printers have the habit to go into sleep mode after a period of inactivity, to save power. In such a state, the device only responds to arp requests (and other direct traffic) and will wake up again. If you enable mac-authentication on the port during such a sleep period, it will appear that the device drops off until it generates traffic again. 

     

    If you don't see an authentication request after enabling mac-authentication on the port, try disconnecting the cable (or disable port) and reconnect (or enable); as last resort reboot printer and you should see MAC authentication happen.

     

    As when printers go to sleep, the authentication might time out and get disconnected, in the ArubaOS switches version 16.05 a feature called MAC Pinning was introduced to solve this issue by keeping the authentication active till the device starts sending traffic again. Check out: http://community.arubanetworks.com/t5/Campus-Switching-and-Routing/What-are-the-new-AAA-security-features-introduced-in-ArubaOS/td-p/412700



  • 6.  RE: Printer MAC Authentication issue after enabling Port Access on the Switch

    Posted Apr 17, 2018 08:17 AM
    No replies, thread closed.

    Hi,

    Try to change the logoff timer, it worked for me in a few installations.

    The probleme happens with printers, which go asleep.

    You could set the time for mac and 802.1x

    aaa port-access authenticator 1-48 logoff-period 430000
    aaa port-access mac-based 1-48 logoff-period 3000000



  • 7.  RE: Printer MAC Authentication issue after enabling Port Access on the Switch

    Posted Jul 25, 2024 03:22 AM
    No replies, thread closed.

    Hi,

    unfortunatelly it is not working yet.

    This is the port config:





    interface 6

       untagged vlan 50<u5:p></u5:p>

       aaa port-access mac-based<u5:p></u5:p>

       aaa port-access mac-based mac-pin<u5:p></u5:p>

       aaa port-access mac-based reauth-period 120<u5:p></u5:p>

       spanning-tree admin-edge-port<u5:p></u5:p>

       spanning-tree point-to-point-mac false<u5:p></u5:p>

       exit

    Do someone have a configuration that is working?

    Thank you.



    ------------------------------
    carabina5
    ------------------------------



  • 8.  RE: Printer MAC Authentication issue after enabling Port Access on the Switch

    EMPLOYEE
    Posted Jul 25, 2024 05:25 AM
    No replies, thread closed.

    You responded to a very old discussion. Please followup on your own, or a recent discussion.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------