Security

Reply
Frequent Contributor I

MAC Re-Auth every 1 second

I have Aruba switch with mac-auth configured for Mitel phones, but hey are re-authing every 1 second which seems excessive,

 

I have found a setting for the reauth-period but i haven't set this.

 

I can't find any documentation on reauthentication either. 

MVP Guru

Re: MAC Re-Auth every 1 second

Not sure, if it similar issue but I have come across issue where Ip phones keep trying authentication and in CPPM we are seeing continous timeouts in access tracker.

Issue got fixed after increasing the settings

On the switch,changed the following port settings:

 

   aaa port-access authenticator

   aaa port-access authenticator quiet-period 30

   aaa port-access authenticator tx-period 10

   aaa port-access authenticator max-requests 3

   aaa port-access authenticator logoff-period 862400

   aaa port-access authenticator client-limit 3

 

to:

 

aaa port-access authenticator 1/11 quiet-period 60        à default value

aaa port-access authenticator 1/11 tx-period 30             -> default value

aaa port-access authenticator 1/11 max-requests 2       -> default value

aaa port-access authenticator 1/11 client-limit 32

 

After the restarts, all IP Phones are connected and authenticated using EAP-TLS. No timeouts occurred since.

Regards,
Pavan
If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor I

Re: MAC Re-Auth every 1 second

Figured it out, 

 

turns out the phone had a switch plugged into the PC port and the devices where authenticating because they where accessing the network.

 

I add the command 

 

aaa port-access mac-based <port ID> addr-limit 10 

 

the devices are not yet enabled for 802.1x 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: