Wired Intelligent Edge (Campus Switching and Routing)

Reply
Contributor II

LaserJet disappearing

We are in the process of rolling out our new HP 2930F switches (ver WC.16.06.0008) and I've encountered an issue with an HP LaserJet in our test building. The device always worked fine on our Aruba MAS switch. I'm using MAC auth with CPPM. It seems to auth fine and is usable. However, after some time (not quite sure how long) the device "disappears" and is no longer available on the network. If I unplug the network cable and replug it, it will re-auth and then is available.

 

I have a TAC case open but thought I would throw it to the community in case it was something obvious.


Mike Naylor
The College of Wooster

Re: LaserJet disappearing

This may be caused by the printer going to "sleep".  You may want to configure MAC Pinning on the port to disable the logoff period and maintain authentication.

 

You can find more info on it here in the Access Security Guide:

 

http://h22208.www2.hpe.com/eginfolib/Aruba/16.07/5200-5361/index.html#GUID-1AD22D7B-CAB4-4EED-9178-FA39E1579819.html

 

Justin

 

 

Contributor II

Re: LaserJet disappearing

I currently have mac auth and 802.1x enabled on all ports.

 

aaa port-access authenticator 1/1-1/48
aaa port-access mac-based 1/1-1/48

Is there any issue with enabling mac-pin for all ports?

 

aaa port-access mac-based 1/1-1/48 mac-pin

Mike Naylor
The College of Wooster

Re: LaserJet disappearing

Hi Mike, 

 

The only potential issue is that all ports you set mac pinning on will pin that mac address to that port.  If those devices are pretty static and don't move around much, like printers, phones, etc. that may be okay.

 

Justin

Contributor II

Re: LaserJet disappearing

Is that only clinets that MAC auth on that port? Also, can you explain a MAC address being "pinned to a port"? What if I move it to another port or plug something else into that port?


Mike Naylor
The College of Wooster

Re: LaserJet disappearing

When you enable mac pinning on the port, mac authenticated clients are "pinned" in the switch authentication table for that port and will maintain their authentication until either the port flaps/bounces, or the switch reboots.

 

Since some devices like printers or medical devices go into a "sleep" mode after a period of time or do not send out any kind of "keep alive" packets, this will allow those device to stay authenticated when "awoken".  Basically the logoff period is disable on the port for that specific client.