I have an issue with the usage of downloadable user-role and NTP time sync. Downloadable user-role are working like a charm, but this happens when the switch returns from a power outage.
I configured two NTP servers with the iburst option for aggressive polling, but the successful time sync happens just after the wired auth. Because the time is off, the user-role cannot be downloaded and the ports get the default denyall user-role. This role doesn't have a reauth period configured.
I 02/12/19 10:04:15 04910 ntp: ST1-CMDR: All the NTP server associations reset.
I 02/12/19 10:04:15 04909 ntp: ST1-CMDR: The NTP Stratum was changed from 16 to 4.
I 02/12/19 10:04:15 04908 ntp: ST1-CMDR: The system clock time was changed by 918810079 sec 463263273 nsec. The new time is Tue Feb 12 10:04:15 2019
I 01/01/90 01:02:55 05747 DFP: ST1-CMDR: device_fingerPrinting: Hardware Rules updated successfully for port:1/1, protocol:80, client:08:00:0F:9D:45:BF
W 01/01/90 01:02:55 05204 dca: ST1-CMDR: Failed to apply user role _VOIP___DUR_-3005-1_7Z4q to macAuth client 08000F9D45BF on port 1/1: user role is invalid.
W 01/01/90 01:02:55 05620 dca: ST1-CMDR: macAuth client 08000F9D45BF on port 1/1 assigned to initial role as downloading failed for user role _VOIP___DUR_-3005-1.
I 01/01/90 01:02:53 04911 ntp: ST1-CMDR: The NTP Server 10.128.10.51 is unreachable.
Since the denyall user-role is read-only, I cannot change the reauthentication period from the user-role.
User Role Information
Name : denyall
Type : predefined
Reauthentication Period (seconds) : 0
Cached Reauth Period (seconds) : 0
Logoff Period (seconds) : 300
Untagged VLAN :
Tagged VLAN :
Captive Portal Profile :
Policy : denyall_104112101032097114117098097032098105108108
Tunnelednode Server Redirect : Disabled
Secondary Role Name :
Device Attributes : Disabled
I am curious if somebody experienced the same issue and how you resolved it.
I "fixed" it via the configuration of a new initial role with a reauth period of 10 seconds. The full configuration can be found on here my personal blog page www.booches.nl.