Wired Intelligent Edge


2930F Tunneled node session timeout

  • 1.  2930F Tunneled node session timeout

    Posted Mar 08, 2018 12:08 PM

    Hi, I have an issue with Tunneled mode.

    It works for users and a lot of other devices. My issue is with printers and other devices that have a sleep mode where the device does not send any data for some time.

    I see that the tunnel for the user is removed after 300 sec, due to no incoming traffic on the port.

    When the printer (or other sleeping device) wakes up, the tunnel is up again. This gives the issue that the printer is not responding, except for the duration of 300 sec after wakeup.

    ------- from the switch log --------

    I 03/08/18 17:50:38 05407 userTnode: ST2-CMDR: Tunneling user 002673-fa4e65
    traffic to User Anchor Controller (UAC) 10.2.1.21 failed due to
    reason: Auth Module Removed User.
    I 03/08/18 17:50:38 05187 tunneled-node: ST2-CMDR: Tunneled Node: Tunnel
    TunneledNodeTnl32 (318767787) deleted.
    I 03/08/18 17:50:38 00435 ports: ST2-CMDR: port 2/1 is Blocked by AAA
    I 03/08/18 17:50:38 00002 vlan: ST2-CMDR: TN-PRINT virtual LAN disabled
    I 03/08/18 17:44:28 05406 userTnode: ST2-CMDR: Port 2/1: tunnel established to
    User Anchor Controller (UAC) 10.2.1.21 for user 002673-fa4e65.
    I 03/08/18 17:44:27 05185 tunneled-node: ST2-CMDR: Tunneled Node: Tunnel
    TunneledNodeTnl32 (318767787) is on-line.
    I 03/08/18 17:44:27 05186 tunneled-node: ST2-CMDR: Tunneled Node: Tunnel
    TunneledNodeTnl32 (318767787) created.
    I 03/08/18 17:44:27 00001 vlan: ST2-CMDR: TN-PRINT virtual LAN enabled
    I 03/08/18 17:44:27 00076 ports: ST2-CMDR: port 2/1 is now on-line

    --------------

     

    I have tried to change the AAA profile to 3600 sec, no luck.

    I have no idea where to change this timer???

    Latest sw on the switch WC.16.05.0004

    on the controller Version 8.2.0.2 with Mobility Master

    Please help, only remaining issue :-)

     

     



  • 2.  RE: 2930F Tunneled node session timeout

    EMPLOYEE
    Posted Apr 03, 2018 04:31 PM

    Greetings!

     

    With the introduction of ArubaOS Version 16.05, we have introduced the feature called Mac_Pinning, which forces the clients to remain in authenticated state even upon log-off expiry period.  This feature is specifically designed for edge devices such as printers and security cameras where they go into sleep mode after some time.

     

    With ArubaOS version 16.05, you can implement the following command to keep the printer, in this case, authenticated on the network.

     

    aaa port-access mac-based [ethernet] PORT-LIST mac-pin

     

    In addition to the Mac_Pinning, you can also extend the logoff-period for that specific port where that printer is connected.  The logoff-period sets the period of time of inactivity that the switch considers an implicit logoff.  The default time is 300 seconds.  The command to implement logoff-period on a specific port is listed below.

     

    aaa port-access mac-based [ethernet] PORT-LIST logoff-period <1-9999999>

     

    Please note, this feature is per port configurable only.

     

    Thank You,
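
An added example, not part of any post in this thread: a small parser that pairs the `05406` (tunnel established) and `05407` (Auth Module Removed User) entries from the switch log in the first post and reports how long each tunnel stayed up. The `idle-logoff` / `early-removal` verdict is an assumed heuristic based on the 300-second default logoff-period mentioned above, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: entries copied from the first post's log, newest first.
SAMPLE_LOG = """\
I 03/08/18 17:50:38 05407 userTnode: ST2-CMDR: Tunneling user 002673-fa4e65
traffic to User Anchor Controller (UAC) 10.2.1.21 failed due to
reason: Auth Module Removed User.
I 03/08/18 17:50:38 00435 ports: ST2-CMDR: port 2/1 is Blocked by AAA
I 03/08/18 17:44:28 05406 userTnode: ST2-CMDR: Port 2/1: tunnel established to
User Anchor Controller (UAC) 10.2.1.21 for user 002673-fa4e65.
"""

ENTRY_START = re.compile(r"^[A-Z] (\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\d{5}) ")
USER_MAC = re.compile(r"user ([0-9a-f]{6}-[0-9a-f]{6})")

def parse_entries(text):
    """Join wrapped lines into (time, event_id, message), oldest first."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        start = ENTRY_START.match(line)
        if start:
            ts = datetime.strptime(start.group(1), "%m/%d/%y %H:%M:%S")
            entries.append([ts, start.group(2), line[start.end():]])
        elif line and entries:
            entries[-1][2] += " " + line  # continuation of a wrapped entry
    # Assumption: the log is printed newest first, so reverse before the
    # stable sort to keep same-second events in chronological order.
    return sorted(reversed(entries), key=lambda e: e[0])

def tunnel_lifetimes(text, logoff_period=300):
    """Return (mac, seconds_up, verdict) for each tunnel the auth module tore down."""
    established, results = {}, []
    for ts, event, msg in parse_entries(text):
        mac = USER_MAC.search(msg)
        if not mac:
            continue
        if event == "05406":  # tunnel established
            established[mac.group(1)] = ts
        elif event == "05407" and "Auth Module Removed User" in msg:
            up_since = established.pop(mac.group(1), None)
            if up_since is None:
                continue  # establishment not in this excerpt
            secs = int((ts - up_since).total_seconds())
            # Hypothetical heuristic: lifetime >= logoff-period suggests idle logoff.
            verdict = "idle-logoff" if secs >= logoff_period else "early-removal"
            results.append((mac.group(1), secs, verdict))
    return results
```

Run against the first post's log, `tunnel_lifetimes(SAMPLE_LOG)` reports the tunnel for 002673-fa4e65 as up for 370 seconds before removal; a removal within seconds of establishment is classified separately because an idle timer cannot explain it.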



  • 3.  RE: 2930F Tunneled node session timeout

    Posted Sep 18, 2019 03:56 AM

    Hello,

     

    I have a similar issue with a printer .. 

    I've tried your command "aaa port-access mac-based [ethernet] PORT-LIST mac-pin" but without success.

     

    2930F Version : WC.16.08.0003

    Mobility Controller : 8.4.0.0

     

    Any other idea ?

     

    Thanks in advance.



  • 4.  RE: 2930F Tunneled node session timeout

    Posted Sep 18, 2019 04:56 AM

    What is the session time-out value? Please check it under the session details (show port-access client detailed <interface>).

    I think you need to fine-tune the session-time and log-off period via RADIUS attributes or user role, not via the port-config.

    Can you check if you can set the log-off period to 0 in the user role?

    I would not recommend mac-pinning for a first try, because it is a change to the colorless port-configuration.



  • 5.  RE: 2930F Tunneled node session timeout

    Posted Sep 18, 2019 09:31 AM

    Hello Fabian,

     

    Thanks for your answer, with your recommendation I have a new symptom:

     

    Now when the printer goes into sleeping mode it doesn’t lose its role, the ping is still working, but when we send a task to the printer, the printer wakes up, it downloads the task, but after that it loses its role and the ping is KO.

    I have also tried to add the logoff-period at 0 and 999999 on the role and on the port with this command "aaa port-access mac-based 38 logoff-period 9999999", which gives me the same result ..

     

     



  • 6.  RE: 2930F Tunneled node session timeout

    Posted Sep 18, 2019 10:06 AM

    Forgot to ask:

     

    Did you configure ip client tracker?

     

    This helps to keep the device online by sending an ARP probe every X minutes. Please also configure a probe delay.



  • 7.  RE: 2930F Tunneled node session timeout

    Posted Sep 20, 2019 08:49 AM

    Yes,

    The ipclient tracker is configured:

     

    ip client-tracker
    ip client-tracker probe-delay 15



  • 8.  RE: 2930F Tunneled node session timeout

    Posted Sep 18, 2019 10:57 AM

    Try changing the user idle timeout in the AAA profile for the SSID that the printers connect to.

    The range is from 30 - 15300 sec (4+ hours).

     


     



  • 9.  RE: 2930F Tunneled node session timeout

    Posted Sep 20, 2019 09:08 AM

    Hi @A_RAK,

    I don't have a timeout, my problem is that:

    When the printer goes into sleeping mode it doesn’t lose its role, the ping is still working, but when we send a task to the printer, the printer wakes up, it downloads the task, but after that it loses its role.

    And for information, the issue seems to be only with this particular model (KONICA MINOLTA bizhub 4020), so I think my problem comes from the printer.. but it's still a really strange behavior.

    PS: (I have checked the configuration of the printer, everything seems good..)

     



  • 10.  RE: 2930F Tunneled node session timeout

    MVP GURU
    Posted Sep 24, 2019 06:43 PM

    Have you checked the logs (on the printer and switch)? Doesn't it lose the network (or restart the network)?

     



  • 11.  RE: 2930F Tunneled node session timeout

    Posted Aug 11, 2021 06:22 AM
    Hi,

    I have a similar issue but with devices getting built into PXE

    I 08/11/21 10:48:42 05407 userTnode: ST1-CMDR: Tunneling user 6c4b90-ee1f7b
    traffic to User Anchor Controller (UAC) 10.1.130.31 failed due to
    reason: Auth Module Removed User.

    Can someone assist with this log. I see this straight after the device gets tunneled which I believe is the issue ?

    Many Thanks in advance all



    ------------------------------
    David Hurley
    ------------------------------



  • 12.  RE: 2930F Tunneled node session timeout

    EMPLOYEE
    Posted Aug 18, 2021 06:06 AM
    Please open a new discussion. This one is old and a lot has changed.

    Also, please work with your Aruba partner or Aruba Support, as there is no clear solution in the discussion above, and not enough information to get to a conclusion.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------