2930F Tunnled node session timeout
03-08-2018 09:07 AM
Hi i have an issue with Tunnled mode.
I works for users and a lot of other devices. My issue is with Printers and other devises that have sleep mode where the device do not sent any data for some time.
I see that the tunnel for the user is removed after 300 sec, due to no incomming traffic on the port.
When the printer (or other slepping device) wakes up the tunnel is up again. This gives the issue that the printer not responding, exept for the duration of 300 sec after wakeup.
------- from the switch log --------
I 03/08/18 17:50:38 05407 userTnode: ST2-CMDR: Tunneling user 002673-fa4e65
traffic to User Anchor Controller (UAC) 10.2.1.21 failed due to
reason: Auth Module Removed User.
I 03/08/18 17:50:38 05187 tunneled-node: ST2-CMDR: Tunneled Node: Tunnel
TunneledNodeTnl32 (318767787) deleted.
I 03/08/18 17:50:38 00435 ports: ST2-CMDR: port 2/1 is Blocked by AAA
I 03/08/18 17:50:38 00002 vlan: ST2-CMDR: TN-PRINT virtual LAN disabled
I 03/08/18 17:44:28 05406 userTnode: ST2-CMDR: Port 2/1: tunnel established to
User Anchor Controller (UAC) 10.2.1.21 for user 002673-fa4e65.
I 03/08/18 17:44:27 05185 tunneled-node: ST2-CMDR: Tunneled Node: Tunnel
TunneledNodeTnl32 (318767787) is on-line.
I 03/08/18 17:44:27 05186 tunneled-node: ST2-CMDR: Tunneled Node: Tunnel
TunneledNodeTnl32 (318767787) created.
I 03/08/18 17:44:27 00001 vlan: ST2-CMDR: TN-PRINT virtual LAN enabled
I 03/08/18 17:44:27 00076 ports: ST2-CMDR: port 2/1 is now on-line
i have tried to change the aaa profile to 3600 sec no luck
i have no ide where to change this timer ???
Latest sw on the switch WC.16.05.0004
on the controller Version 18.104.22.168 with Mobility Master
Please help only remaning issue :-)
Re: 2930F Tunnled node session timeout
04-03-2018 01:31 PM
With the introduction of ArubaOS Version 16.05, we have introduced the feature called Mac_Pinning which forces the clients to remain in autheticated state even upon log-off expiry period. This feature is specifically design for edge devies such as printers and security cameras where they go into sleep mode after some time.
With ArubaOS version 16.05, you can implement the following command to keep the printer, in this case, authenticated on the network.
aaa port-access mac-based [ethernet] PORT-LIST mac-pin
In addition to the Mac_Pinning, you can also extend logoff-period for that specific port where that printer is connected. The logoff-period sets the period of time of inactivity that the switch considers an implicit logoff. The default time is 300 seconds. The command to implemet logoff-period on a specific port is listed below.
aaa port-access mac-based [ethernet] PORT-LIST logoff-period <1-9999999>
Please note, this feature is per port configurable only.