Monday, November 18, 2019

Troubleshooting "Blocked by AAA" on ProCurve switches after

We are running dynamic VLANs with 802.1X PEAP-TLS for our end users, and we are experiencing an issue where, after 24 hours or over the weekend, a computer that is powered back on or brought back into the office is blocked by the switch (in this case an HP 2530-48G-PoE+) for 7 minutes, until the switch just lets the device onto the network.

Double-checking the NPS logs shows the server replying to the switch that this host is granted access and has passed its health checks when the host first tries to get on the network.

Here is a snippet of our config:

; J9775A Configuration Editor; Created on release #YA.16.04.0016
; Ver #10:19.02.13.98.82.34.61.18.28.f3.84.9c.63.ff.37.27:00
hostname "HP2530-48G-3"
console baud-rate 115200
dhcp-snooping authorized-server 10.1.10.1
dhcp-snooping authorized-server 10.10.10.10
dhcp-snooping authorized-server 10.10.10.11
dhcp-snooping vlan 1-2 1003 1005 1007 1012 1014 1016 1018 1020
dhcp-snooping vlan 1022 1024 1026 1028 1030 1032 1034
trunk 47-48 trk1 trunk
banner motd "BANNER"
logging 10.10.10.17
max-vlans 64
radius-server host 10.10.10.10 key
radius-server host 10.10.10.11 key
timesync sntp
sntp unicast
sntp server priority 1 10.10.10.10
sntp server priority 2 10.10.10.11
no stack
no telnet-server
time daylight-time-rule continental-us-and-canada
time timezone -500
no web-management
ip default-gateway 10.10.10.1
ip dns server-address priority 1 10.10.10.10
ip dns server-address priority 2 10.10.10.11
interface Trk1
   dhcp-snooping trust
   exit
snmp-server community "public"
snmp-server contact "IT Department" location "1st Floor Data"
aaa accounting update periodic 10
aaa accounting suppress null-username
aaa accounting exec stop-only radius
aaa accounting system stop-only radius
aaa authentication web login radius local
aaa authentication web enable radius local
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
aaa authentication port-access eap-radius
aaa port-access authenticator 1-46
...
aaa port-access authenticator 2 unauth-vid 2
aaa port-access authenticator 2 unauth-period 60
aaa port-access authenticator 3 unauth-vid 2
aaa port-access authenticator 3 unauth-period 60
...
aaa port-access authenticator active
vlan 1
   name "default"
   untagged 1-46,49-52
   tagged Trk1
   ip address 10.10.10.100 255.255.254.0
   ip helper-address 10.10.10.10
   ip helper-address 10.10.10.11
   ip helper-address 10.10.10.4
   exit
vlan 2
   name "guest"
   tagged Trk1
   no ip address
   ip helper-address 10.1.10.1
   exit
...
vlan 1038
   name "DEPARTMENT1"
   tagged Trk1
   ip address 10.10.38.100 255.255.255.0
   ip helper-address 10.10.10.10
   ip helper-address 10.10.10.11
   exit
vlan 1040
   name "Digital-Signange-TVs"
   tagged Trk1
   ip address 10.10.40.100 255.255.255.192
   ip helper-address 10.10.10.10
   ip helper-address 10.10.10.11
   exit
spanning-tree 40 admin-edge-port
spanning-tree Trk1 priority 4 bpdu-protection
no tftp server
no dhcp config-file-update
no dhcp image-file-update
no dhcp tr69-acs-url
device-profile name "default-ap-profile"
   cos 0
   exit
activate software-update disable
activate provision disable
password manager
password operator

Has anyone ever experienced this, or does anyone know how else I can troubleshoot this issue?
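As an added example (not part of the original post), a small Python helper that parses ProCurve-style "aaa port-access authenticator" lines into per-port settings, so that the ports carrying an explicit unauth-vid/unauth-period can be compared against the ones that do not when narrowing down which ports show the blocking behaviour. The sample config embedded below is constructed from the shapes in the snippet above and only handles numeric port specs (an assumption; trunk names such as Trk1 are not expanded).

```python
import re

# Constructed sample in the shape of the post's "aaa port-access authenticator"
# lines; the values are illustrative, not the poster's full configuration.
SAMPLE_CONFIG = """\
aaa authentication port-access eap-radius
aaa port-access authenticator 1-46
aaa port-access authenticator 2 unauth-vid 2
aaa port-access authenticator 2 unauth-period 60
aaa port-access authenticator 3 unauth-vid 2
aaa port-access authenticator 3 unauth-period 60
aaa port-access authenticator active
"""

# <port-spec> optionally followed by one "<param> <value>" pair.
AUTH_RE = re.compile(r"^aaa port-access authenticator (\S+)(?: (\S+) (\S+))?$")

def expand_ports(spec):
    """Expand a numeric ProCurve port spec such as '1-46' or '2,5' into ints."""
    ports = []
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-")
            ports.extend(range(int(lo), int(hi) + 1))
        else:
            ports.append(int(part))
    return ports

def parse_authenticator(config):
    """Return {port: {param: value}} for every authenticator-enabled port."""
    settings = {}
    for line in config.splitlines():
        m = AUTH_RE.match(line.strip())
        if not m:
            continue
        spec, param, value = m.groups()
        if spec == "active":          # global "authenticator active" keyword, not a port
            continue
        for port in expand_ports(spec):
            entry = settings.setdefault(port, {})
            if param:
                entry[param] = value
    return settings

def ports_missing(settings, param):
    """Ports that are authenticator-enabled but carry no explicit <param>."""
    return sorted(p for p, s in settings.items() if param not in s)
```

Run `ports_missing(parse_authenticator(open("switch.cfg").read()), "unauth-period")` against a saved `show running-config` to list ports that fall back to the default timer.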


