Security

We have a couple Lexmark printers that seem to become unavailable after a period of inactivity. I saw a thread on here about changing sleep timers on the switch config, but we run Cisco switches and those commands aren't available. Does anyone else have this issue with ClearPass and Cisco switches? Just trying to rule out ClearPass as the culprit. 

Are you doing authentication on the switchport that the Lexmark is connected to?  We need more details.

Yes, auth on the switchport. Sorry, I kind of thought that was a given. 

Here's my port config. 

switchport mode access
authentication host-mode multi-auth
authentication order dot1x mab
authentication priority dot1x mab
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
mab
dot1x pae authenticator
dot1x timeout server-timeout 10
dot1x timeout tx-period 5

Here's the command for Aruba switching. Maybe there is a similar configuration option on Cisco IOS:

Specifying the time period enforced for implicit logoff

Syntax:

[no] aaa port-access mac-based [e] <port-list> [logoff-period] <60-9999999>]

Specifies the period, in seconds, that the switch enforces for an implicit logoff. This parameter is equivalent to the MAC age interval in a traditional switch sense. If the switch does not see activity after a logoff-period interval, the client is returned to its pre-authentication state.

Default: 300 seconds

There seems to be timers like this. Thanks, I'm taking a look and testing to see if this helps. 

#authentication timer ?
inactivity     Interval in seconds after which if there is no activity from the client then it will be unauthorized (default OFF)

reauthenticate     Time in seconds after which an automatic re-authentication should be initiated (default 1 hour)

restart     Interval in seconds after which an attempt should be made to authenticate an unauthorized port (default 60 sec)

unauthorized     Time in seconds after which an unauthorized session will get deleted