Yup
Name: 02-01-7C-B3-A0-25, IP: 192.168.230.6, MAC: 02:01:7c:b3:a0:25, Age: 00:00:03
Role: authenticated (how: ROLE_DERIVATION_MBA_VSA), ACL: 86/0
Authentication: Yes, status: successful, method: 802.1x, protocol: PAP, server: cppmndvip
Authentication Servers: dot1x authserver: , mac authserver: cppmndvip
Bandwidth = No Limit
Bandwidth = No Limit
Role Derivation: ROLE_DERIVATION_MBA_VSA
VLAN Derivation: MBA MSFT Attributes
Idle timeout (global): 300 seconds, Age: 00:00:00
Mobility state: Wired, HA: Yes, Proxy ARP: No, Roaming: No Tunnel ID: 0 L3 Mob: 0
Flags: internal=0, trusted_ap=0, l3auth=0, mba=1, vpnflags=0, u_stm_ageout=0
Flags: innerip=0, outerip=0, vpn_outer_ind:0, download=1, wispr=0
IP User termcause: 10
phy_type: Wired, l3 reauth: 0, BW Contract: up:0 down:0, user-how: 1
Vlan default: 333, Assigned: 333, Current: 333 vlan-how: 12 DP assigned vlan:0
Mobility Messages: L2=0, Move=0, Inter=0, Intra=0, Flags=0x0
SlotPort=0x1f, Port=0x1001f (tunnel 31)
Essid: 192.168.4.6:0/1, Bssid: 00:00:00:00:00:00 AP name/group: ND-503H-1/NorthDalton OIAB Phy-type: Wired Forward Mode: tunnel
AP IP: 192.168.4.6
RadAcct sessionID:02-01-7C02017CB3A025-6329DF7B-68065
RadAcct Traffic In 0/0 Out 0/0 (0:0/0:0:0:0,0:0/0:0:0:0)
Timers: L3 reauth 0, mac reauth 3600 (Reason: Radius Server Session Timeout), dot1x reauth 0 (Reason: )
Profiles AAA:ND-OIAB-AAA-Wired, dot1x:cotwmm_dot1_aut, mac:ND-OIAB-MAC-Auth CP:n/a def-role:'logon' via-auth-profile:''
ncfg flags udr 0, mac 1, dot1x 1, RADIUS interim accounting 1
IP Born: 1663688570 (Tue Sep 20 16:42:50 2022)
Core User Born: 1663688570 (Tue Sep 20 16:42:50 2022)
Upstream AP ID: 0, Downstream AP ID: 0
User Agent String:
L3-Auth Session Timeout from RADIUS: 0
Mac-Auth Session Timeout Value from RADIUS: 3600
Original Message:
Sent: 9/20/2022 11:18:00 AM
From: bd_87
Subject: RE: Reauth on AP wired port not working
Does "show user Mac <mac-address>" give you any detail about the session timeout received from ClearPass?
------------------------------
ACNSA | ACEA | ACCP | ACMP
------------------------------
Original Message:
Sent: Sep 20, 2022 11:06 AM
From: Alex Sharaz
Subject: Reauth on AP wired port not working
Hi,
I have an AP 503H that has a requirement to perform MAC-based auth on devices connected to Ethernet port E1 (controller running 8.10.0.3)
In ClearPass I'm returning
Aruba-User-Role: authenticated - i.e using the default mobility controller "authenticated" role
Session-Timeout = 3600
Termination-Action = 1
Tunnel-Medium-Type = 6
Tunnel-Private-Group-Id = 333
Tunnel-Type = 13
So everything works in that the client is placed in VLAN 333 and gets an IP address via DHCP ... except ... I don't get a reauth time of 1 hour ... reauths seem to be fairly random.
Normally use DUPs now so it's been a while doing it this way, but fairly convinced that it should work. The mobility controller is set to accept reauths from CPPM and recognise Termination-Action
The client in question is a baby NEOPI02 Ubuntu box
Am I missing anything?
BTW, notice that 8.10.0.3 seems to have been pulled from asp.arubanetworks.com, certainly can't see it being available for download ... was there an issue with it?
Rgds
Alex
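
A check for the question discussed in this thread, as an added example that is not part of any poster's message: it parses the "show user" fields quoted in the reply and compares them with the attributes the original post says ClearPass returns. The function names, the PATTERNS table and the EXPECTED dictionary are assumptions made for this illustration.

```python
import re

# Lines copied from the controller output quoted in the thread.
SHOW_USER = """\
Role: authenticated (how: ROLE_DERIVATION_MBA_VSA), ACL: 86/0
Vlan default: 333, Assigned: 333, Current: 333 vlan-how: 12 DP assigned vlan:0
Timers: L3 reauth 0, mac reauth 3600 (Reason: Radius Server Session Timeout), dot1x reauth 0 (Reason: )
Mac-Auth Session Timeout Value from RADIUS: 3600
"""

# Values the original post says ClearPass returns (assumed mapping to session fields).
EXPECTED = {"role": "authenticated", "vlan": 333, "session_timeout": 3600}

# Hypothetical field extractors for the lines above: (regex, type).
PATTERNS = {
    "role": (r"^Role: (\S+)", str),
    "vlan": (r"Current: (\d+)", int),
    "mac_reauth": (r"mac reauth (\d+)", int),
    "reauth_reason": (r"mac reauth \d+ \(Reason: ([^)]*)\)", str),
    "radius_timeout": (r"Mac-Auth Session Timeout Value from RADIUS: (\d+)", int),
}

def parse_show_user(text):
    """Extract the fields relevant to MAC reauthentication; missing ones are None."""
    session = {}
    for key, (pattern, cast) in PATTERNS.items():
        match = re.search(pattern, text, re.MULTILINE)
        session[key] = cast(match.group(1)) if match else None
    return session

def check_session(text, expected):
    """List mismatches between the controller session and the expected RADIUS values."""
    s = parse_show_user(text)
    problems = []
    if s["role"] != expected["role"]:
        problems.append(f"role is {s['role']}, expected {expected['role']}")
    if s["vlan"] != expected["vlan"]:
        problems.append(f"current VLAN is {s['vlan']}, expected {expected['vlan']}")
    if s["radius_timeout"] != expected["session_timeout"]:
        problems.append(f"RADIUS session timeout recorded as {s['radius_timeout']}")
    if s["mac_reauth"] != expected["session_timeout"]:
        problems.append(f"mac reauth timer is {s['mac_reauth']} "
                        f"(reason: {s['reauth_reason'] or 'none given'})")
    return problems

if __name__ == "__main__":
    print(parse_show_user(SHOW_USER))
    print(check_session(SHOW_USER, EXPECTED) or "session matches the returned attributes")
```

For the output quoted in the thread the check reports no mismatch, so the controller has accepted the 3600-second timer; the irregular reauthentications described in the original post would need to be traced elsewhere, for example in the RADIUS accounting or access logs.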