David Sankovsky
asked on
802.1x reauth every 30 seconds.
Hi fellas.
I have a rather strange problem.
I have an Aruba ClearPass installed at one of my clients who has an assortment of various switches communicating with it and using it as a Radius and a NAC.
one of them is an HP 4204VL.
We are currently debugging a certain computer to try and find the cause, but the problem is not localized to that specific computer, switch or switch model.
The problem is as follows:
When a network cable is plugged into the computer, it attempts to authenticate against the switch - the switch sends the 802.1x frame to the clearpass which authenticates the user against the active directory and approves the user - so far, so good. the problem is, this process repeats itself every 30 seconds (and I do mean every 30 seconds on the clock.
The authentiction config is as follows:
The operating system is Windows 7.
I should note the following - if I force a re-auth via the switch, the system normalizes (on the specific port I forced to reauth) for 3 hours, but then it goes back to the same problem.
I tried uninstalled the antivirus and any other debug I could think of.
any help of Idea you might have will be appriciated.
I have a rather strange problem.
I have an Aruba ClearPass installed at one of my clients who has an assortment of various switches communicating with it and using it as a Radius and a NAC.
one of them is an HP 4204VL.
We are currently debugging a certain computer to try and find the cause, but the problem is not localized to that specific computer, switch or switch model.
The problem is as follows:
When a network cable is plugged into the computer, it attempts to authenticate against the switch - the switch sends the 802.1x frame to the clearpass which authenticates the user against the active directory and approves the user - so far, so good. the problem is, this process repeats itself every 30 seconds (and I do mean every 30 seconds on the clock.
The authentiction config is as follows:
4204VL_Netanya(config)# show port-access authenticator b24 config
Port Access Authenticator Configuration
Port-access authenticator activated [No] : Yes
Allow RADIUS-assigned dynamic (GVRP) VLANs [No] : No
| Re-auth Access Max Quiet TX Supplicant Server Cntrl
Port | Period Control Reqs Period Timeout Timeout Timeout Dir
---- + ------- -------- ----- ------- -------- ---------- -------- -----
B24 | 28800 Auto 2 60 30 300 300 both
The operating system is Windows 7.
I should note the following - if I force a re-auth via the switch, the system normalizes (on the specific port I forced to reauth) for 3 hours, but then it goes back to the same problem.
I tried uninstalled the antivirus and any other debug I could think of.
any help of Idea you might have will be appriciated.
it's been a while since I've worked with Clearpass, and have no LAB sytem at hand to look at, if there could be some timeout values or anything. But have you checked with airheards.arubanetworks.co m community - loads of Clearpass Experts there
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This could come from a switch configuration. Do you have multicast triggering enabled?
Any legacy 802.1x support enabled on the switches?
Example:
int GigabitEthernet1/0/x
undo dot1x multicast-trigger