Wired Intelligent Edge


Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution

Downloadable User-Role and NTP sync

  • 1.  Downloadable User-Role and NTP sync

    Posted Feb 12, 2019 05:00 AM

    I have an issue with the usage of downloadable user-roles and NTP time sync. Downloadable user-roles are working like a charm, but this happens when the switch returns from a power outage.

     

    I configured two NTP servers with the iburst option for aggressive polling, but the successful time sync happens just after the wired auth. Because the time is off, the user-role cannot be downloaded and the ports get the default denyall user-role. This role doesn't have a reauth period configured.

     

    I 02/12/19 10:04:15 04910 ntp: ST1-CMDR: All the NTP server associations reset.
    I 02/12/19 10:04:15 04909 ntp: ST1-CMDR: The NTP Stratum was changed from 16 to 4.
    I 02/12/19 10:04:15 04908 ntp: ST1-CMDR: The system clock time was changed by  918810079 sec 463263273 nsec. The new time is Tue Feb 12 10:04:15 2019
    I 01/01/90 01:02:55 05747 DFP: ST1-CMDR: device_fingerPrinting: Hardware Rules updated successfully for port:1/1, protocol:80, client:08:00:0F:9D:45:BF
    W 01/01/90 01:02:55 05204 dca: ST1-CMDR: Failed to apply user role _VOIP___DUR_-3005-1_7Z4q to macAuth client 08000F9D45BF on port 1/1: user role is invalid.
    W 01/01/90 01:02:55 05620 dca: ST1-CMDR: macAuth client 08000F9D45BF on port 1/1 assigned to initial role as downloading failed for user role  _VOIP___DUR_-3005-1.
    I 01/01/90 01:02:53 04911 ntp: ST1-CMDR: The NTP Server 10.128.10.51 is unreachable.

    Since the denyall user-role is read-only, I cannot change the reauthentication period from the user-role.

     

     User Role Information
    
       Name                              : denyall
       Type                              : predefined
       Reauthentication Period (seconds) : 0
       Cached Reauth Period (seconds)    : 0
       Logoff Period (seconds)           : 300
       Untagged VLAN                     : 
       Tagged VLAN                       : 
       Captive Portal Profile            : 
       Policy                            : denyall_104112101032097114117098097032098105108108
       Tunnelednode Server Redirect      : Disabled
       Secondary Role Name               : 
       Device Attributes                 : Disabled

    I am curious if somebody experienced the same issue and how you resolved it.

     

    I "fixed" it via the configuration of a new initial role with a reauth period of 10 seconds. The full configuration can be found here on my personal blog page www.booches.nl.
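
One way to spot this condition from the event log, as an added example that is not part of the original post or of any HPE Aruba tooling: it parses lines in the log format quoted above and lists clients that fell back to the initial role while events were still stamped by the pre-NTP clock. The function names and the one-hour step threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed input: four of the log lines quoted in the post, newest first.
SAMPLE_LOG = """\
I 02/12/19 10:04:15 04908 ntp: ST1-CMDR: The system clock time was changed by  918810079 sec 463263273 nsec. The new time is Tue Feb 12 10:04:15 2019
W 01/01/90 01:02:55 05204 dca: ST1-CMDR: Failed to apply user role _VOIP___DUR_-3005-1_7Z4q to macAuth client 08000F9D45BF on port 1/1: user role is invalid.
W 01/01/90 01:02:55 05620 dca: ST1-CMDR: macAuth client 08000F9D45BF on port 1/1 assigned to initial role as downloading failed for user role  _VOIP___DUR_-3005-1.
I 01/01/90 01:02:53 04911 ntp: ST1-CMDR: The NTP Server 10.128.10.51 is unreachable.
"""

LINE = re.compile(r"^[A-Z] (\d\d/\d\d/\d\d \d\d:\d\d:\d\d) \d+ \w+: (.*)$")
STEP = re.compile(r"system clock time was changed by\s+(\d+) sec")
FALLBACK = re.compile(r"(\w+) client ([0-9A-Fa-f]{12}) on port (\S+) assigned to "
                      r"initial role as downloading failed")
MIN_STEP_SEC = 3600  # assumption: a step this large means the old clock was unusable


def parse(log):
    """Yield (timestamp, message) for every line in the switch log format."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:  # %y maps 90 to 1990 and 19 to 2019
            yield datetime.strptime(m[1], "%m/%d/%y %H:%M:%S"), m[2]


def clients_failed_before_sync(log):
    """Return clients that fell back to the initial role while the clock was unsynced."""
    events = list(parse(log))
    stuck = []
    for new_time, msg in events:
        step = STEP.search(msg)
        if not step or int(step[1]) < MIN_STEP_SEC:
            continue
        # Clock value just before NTP stepped it; older stamps came from the bad clock.
        old_clock = new_time - timedelta(seconds=int(step[1]))
        for ts, other in events:
            hit = FALLBACK.search(other)
            if hit and ts <= old_clock:
                stuck.append({"auth": hit[1], "mac": hit[2], "port": hit[3],
                              "logged_at": ts, "clock_error_sec": int(step[1])})
    return stuck


if __name__ == "__main__":
    for c in clients_failed_before_sync(SAMPLE_LOG):
        print(f"{c['auth']} client {c['mac']} on port {c['port']} needs reauth "
              f"(logged {c['logged_at']}, clock was off by {c['clock_error_sec']} s)")
```

Any client it reports is sitting in the initial role because of the boot-time clock, not because of a policy decision, and is a candidate for reauthentication once NTP has synced.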

     



  • 2.  RE: Downloadable User-Role and NTP sync

    EMPLOYEE
    Posted Feb 12, 2019 05:16 PM

    Greetings!

     

    A software fix for the clock reset on cold boot/power loss issue on the 2930F and 2540 is in the works, and is expected to be released by the end of February.