Downloadable User-Role and NTP sync
02-12-2019 01:59 AM - edited 02-18-2019 07:05 AM
I have an issue with the usage of downloadable user-role and NTP time sync. Downloadable user-role are working like a charm, but this happens when the switch returns from a power outage.
I configured two NTP servers with the iburst option for aggressive polling, but the successful time sync happens just after the wired auth. Because the time is off, the user-role cannot be downloaded and the ports get the default denyall user-role. This role doesn't have a reauth period configured.
I 02/12/19 10:04:15 04910 ntp: ST1-CMDR: All the NTP server associations reset. I 02/12/19 10:04:15 04909 ntp: ST1-CMDR: The NTP Stratum was changed from 16 to 4. I 02/12/19 10:04:15 04908 ntp: ST1-CMDR: The system clock time was changed by 918810079 sec 463263273 nsec. The new time is Tue Feb 12 10:04:15 2019 I 01/01/90 01:02:55 05747 DFP: ST1-CMDR: device_fingerPrinting: Hardware Rules updated successfully for port:1/1, protocol:80, client:08:00:0F:9D:45:BF W 01/01/90 01:02:55 05204 dca: ST1-CMDR: Failed to apply user role _VOIP___DUR_-3005-1_7Z4q to macAuth client 08000F9D45BF on port 1/1: user role is invalid. W 01/01/90 01:02:55 05620 dca: ST1-CMDR: macAuth client 08000F9D45BF on port 1/1 assigned to initial role as downloading failed for user role _VOIP___DUR_-3005-1. I 01/01/90 01:02:53 04911 ntp: ST1-CMDR: The NTP Server 10.128.10.51 is unreachable.
Since the denyall user-role is read-only, I cannot change the reauthentication period from the user-role.
User Role Information Name : denyall Type : predefined Reauthentication Period (seconds) : 0 Cached Reauth Period (seconds) : 0 Logoff Period (seconds) : 300 Untagged VLAN : Tagged VLAN : Captive Portal Profile : Policy : denyall_104112101032097114117098097032098105108108 Tunnelednode Server Redirect : Disabled Secondary Role Name : Device Attributes : Disabled
I am curious if somebody experienced the same issue and how you resolved it.
Re: Downloadable User-Role and NTP sync
02-12-2019 02:16 PM
A software fix for the clock reset on cold boot/power loss issue on the 2930F and 2540 is in the works, and is expected to be released by the end of February.