Security

Reply
Highlighted
Contributor I

CPPM Access Tracker Flood - Continuous mac-auth requests from 1 PC

 

I have a CPPM wired solution with mostly HPE Procurve 2930F switches.  I have configured a standard 802.1x wired service as the top service with a typical wired mac-authentication service below it.

 

The issue I am seeing is with a Windows-PC connected to an IP-phone which is connected to a 2930F switchport configured for Clearpass.  During boot of both devices, I see the PC-client mac-address making constant mac-auth requests about every second or two for a few minutes until eventually both the phone and PC authenticate properly (phone via mac-auth and PC via 802.1x machine-auth followed by 802.1x user-auth).  Then, all is well until the next reboot where the same flood of mac-auths happens again.  The same issue happens with a 2530-switch also.

 

Why is the PC sending constant mac-auth requests?  

Secondarily, is the below switch config optimal...or what should be changed for this simple type of solution?

 

***Switch config that is relevant to this issue:

radius-server host x.x.x.x key <key>
radius-server host x.x.x.x key <key>
radius-server host x.x.x.x dyn-authorization
radius-server host x.x.x.x dyn-authorization
radius-server host x.x.x.x time-window 0
radius-server host x.x.x.x time-window 0

aaa server-group radius "group" host x.x.x.x
aaa server-group radius "group" host x.x.x.x

aaa port-access gvrp-vlans
aaa authentication port-access eap-radius
aaa port-access authenticator <port-range>
aaa port-access authenticator <port-range> client-limit 2
aaa port-access authenticator active
aaa port-access mac-based <port-range>
aaa port-access mac-based addr-format no-delimiter
aaa port-access mac-based <port-range> logoff-period 99999

 

***Switch version info:  

Boot image = primary
Primary image stamp = WC.16.02.0014
Boot ROM version = WC.16.01.0003

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: