11-22-2018 04:09 AM
I have Aruba switch with mac-auth configured for Mitel phones, but hey are re-authing every 1 second which seems excessive,
I have found a setting for the reauth-period but i haven't set this.
I can't find any documentation on reauthentication either.
Solved! Go to Solution.
Re: MAC Re-Auth every 1 second
11-22-2018 07:05 AM
Not sure, if it similar issue but I have come across issue where Ip phones keep trying authentication and in CPPM we are seeing continous timeouts in access tracker.
Issue got fixed after increasing the settings
On the switch,changed the following port settings:
aaa port-access authenticator
aaa port-access authenticator quiet-period 30
aaa port-access authenticator tx-period 10
aaa port-access authenticator max-requests 3
aaa port-access authenticator logoff-period 862400
aaa port-access authenticator client-limit 3
aaa port-access authenticator 1/11 quiet-period 60 à default value
aaa port-access authenticator 1/11 tx-period 30 -> default value
aaa port-access authenticator 1/11 max-requests 2 -> default value
aaa port-access authenticator 1/11 client-limit 32
After the restarts, all IP Phones are connected and authenticated using EAP-TLS. No timeouts occurred since.
If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
11-22-2018 09:23 AM
Figured it out,
turns out the phone had a switch plugged into the PC port and the devices where authenticating because they where accessing the network.
I add the command
aaa port-access mac-based <port ID> addr-limit 10
the devices are not yet enabled for 802.1x