Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

MAC Re-Auth every 1 second

  • 1.  MAC Re-Auth every 1 second

    Posted Nov 22, 2018 07:10 AM

    I have an Aruba switch with mac-auth configured for Mitel phones, but they are re-authing every 1 second, which seems excessive.

     

    I have found a setting for the reauth-period but I haven't set this.

     

    I can't find any documentation on reauthentication either. 



  • 2.  RE: MAC Re-Auth every 1 second

    EMPLOYEE
    Posted Nov 22, 2018 10:05 AM

    Not sure if it is a similar issue, but I have come across an issue where IP phones keep trying authentication and in CPPM we are seeing continuous timeouts in Access Tracker.

    Issue got fixed after increasing the settings

    On the switch, changed the following port settings:

     

       aaa port-access authenticator

       aaa port-access authenticator quiet-period 30

       aaa port-access authenticator tx-period 10

       aaa port-access authenticator max-requests 3

       aaa port-access authenticator logoff-period 862400

       aaa port-access authenticator client-limit 3

     

    to:

     

    aaa port-access authenticator 1/11 quiet-period 60        -> default value

    aaa port-access authenticator 1/11 tx-period 30             -> default value

    aaa port-access authenticator 1/11 max-requests 2       -> default value

    aaa port-access authenticator 1/11 client-limit 32

     

    After the restarts, all IP Phones are connected and authenticated using EAP-TLS. No timeouts occurred since.



  • 3.  RE: MAC Re-Auth every 1 second
    Best Answer

    Posted Nov 22, 2018 12:24 PM

    Figured it out, 

     

    turns out the phone had a switch plugged into the PC port and the devices were authenticating because they were accessing the network.

     

    I added the command

     

    aaa port-access mac-based <port ID> addr-limit 10 

     

    The devices are not yet enabled for 802.1x.
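
The diagnosis in this thread (many devices behind one port, not one phone re-authenticating) can be checked from authentication records. The following is an added example, not part of the thread and not Aruba or ClearPass tooling; the record format, the sample lines, the MAC addresses and the 5-second threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: "<timestamp> <switch port> <client MAC>".
SAMPLE_EVENTS = """\
2018-11-22T07:10:00 1/11 02:00:00:00:00:01
2018-11-22T07:10:01 1/11 02:00:00:00:00:02
2018-11-22T07:10:02 1/11 02:00:00:00:00:03
2018-11-22T07:10:03 1/11 02:00:00:00:00:04
2018-11-22T07:10:00 1/12 02:00:00:00:00:10
2018-11-22T07:10:01 1/12 02:00:00:00:00:10
2018-11-22T07:10:02 1/12 02:00:00:00:00:10
2018-11-22T07:10:00 1/13 02:00:00:00:00:20
"""

def parse_events(text):
    """Yield (datetime, port, mac), skipping lines without three fields."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2].lower()

def gaps(times):
    """Seconds between consecutive timestamps."""
    ordered = sorted(times)
    return [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]

def summarize_ports(events):
    """Per port: distinct MACs, shortest same-MAC gap, shortest any-MAC gap."""
    per_port = defaultdict(lambda: defaultdict(list))
    for ts, port, mac in events:
        per_port[port][mac].append(ts)
    summary = {}
    for port, macs in per_port.items():
        same = [g for times in macs.values() for g in gaps(times)]
        overall = gaps([t for times in macs.values() for t in times])
        summary[port] = {"macs": sorted(macs),
                         "min_same_mac_gap": min(same, default=None),
                         "min_port_gap": min(overall, default=None)}
    return summary

def classify(info, fast_gap=5):
    """fast_gap (seconds) is an assumed threshold for 'excessive'."""
    if info["min_same_mac_gap"] is not None and info["min_same_mac_gap"] <= fast_gap:
        return "same-mac-reauth-loop"       # one client really is re-authenticating
    if len(info["macs"]) > 1 and info["min_port_gap"] <= fast_gap:
        return "multiple-macs-behind-port"  # e.g. a switch on the phone's PC port
    return "normal"

if __name__ == "__main__":
    for port, info in summarize_ports(parse_events(SAMPLE_EVENTS)).items():
        print(port, classify(info), len(info["macs"]), "MAC(s)")
```

A port classified as `multiple-macs-behind-port` points to downstream devices, where a per-port address limit such as the one in the best answer applies; `same-mac-reauth-loop` points to timer or timeout settings instead.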