Hello
I have CPPM acting as a RADIUS auth server and an HPE Procurve 2930F switch with port-access MAC-based authentication enabled. I have a very strange issue. Namely, I see multiple auth requests in a very short period of time when the clients on a switch port exceed the addr-limit value. For example, if addr-limit is configured to 1 and I connect a second client to this port using an unmanaged switch, I receive a flood of requests in the CPPM Access Tracker. I must increase the addr-limit value to avoid the problem. But this is not a solution for me because I need to restrict access to only 1 client/MAC per port.
As I mentioned above, I have configured MAC-based authentication on the switch port and enabled user-role to dynamically assign the VLAN:
untagged vlan 1
aaa port-access mac-based
aaa port-access mac-based addr-limit 1
aaa port-access mac-based addr-moves
spanning-tree admin-edge-port
spanning-tree bpdu-protection
loop-protect
exit
RADIUS:
radius-server host 10.90.0.3 key secret
radius-server host 10.90.0.3 dyn-authorization
radius-server host 10.90.0.3 time-window plus-or-minus-time-window
radius-server host 10.90.0.3 time-window 30
radius-server dead-time 5
AAA:
aaa server-group radius CPPM host 10.90.0.3
aaa accounting update periodic 5
aaa accounting network start-stop radius server-group CPPM
aaa authorization user-role enable
aaa authentication port-access eap-radius server-group CPPM
aaa authentication mac-based chap-radius server-group CPPM
I even tried changing the port-security learn mode on the switch from continuous to port-access, but without any results. Can anyone help me resolve this issue and explain why CPPM receives so many requests from the NAS switch?