Tuesday, April 24, 2018

Cisco IOS MAB - How exactly does it learn the MAC addresses?

I know, the question sounds dumb - of course it learns the MAC addresses from the source MAC of the frames it receives. That's not quite what I'm asking.

I know that when the switch receives a frame, it records the source MAC address into the CAM table, for that port/VLAN. Got it.

When the MAB process is executing, it uses the known MAC address to authenticate. What source does MAB use to determine the MAC address? Does it look in the CAM table for the MAC addresses on that port? Or does it require an actual frame to enter the switch before it can begin the MAB process?


Consider this scenario:

  • 802.1x/MAB reauthentication timer is 1 hour.
  • MAC address inactivity timer is the default of 5 minutes.
  • MAB passed successfully at 4:00:00.
  • The device sends its last frame at 4:56:00, then goes to sleep for ten minutes.
  • At 5:00:00, the switch begins reauthentication.

If the switch uses the CAM table, it still has an entry for the device, and can authenticate the device, and it will reauthenticate at 5:00:00 (+/- some seconds).

If the switch requires an actual frame, the port will unauthenticate at 5:00:00, and remain unauthenticated until 5:06:00 when the device sends its next frame. This means the device was 'down' for six minutes.


Thoughts?
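As an added illustration (not part of the original post, and not IOS code), here is a small Python timeline model of the two hypotheses. It assumes the reauthentication timer restarts when the port is re-authorized, that a CAM entry is usable until the inactivity timer expires, and that under the "needs a frame" hypothesis the port stays unauthorized until the next frame arrives; the frame times are constructed from the scenario above.

```python
"""Timeline model of MAB reauthentication vs. CAM-table aging.

All times are seconds after the initial MAB success (t = 0 is 4:00:00 in
the post's scenario). Two hypotheses about where the switch gets the MAC:
  "cam"   - the still-unaged CAM entry is enough to reauthenticate
  "frame" - a new frame must arrive before MAB can run again
This is an assumed model for comparing the hypotheses, not switch code.
"""


def simulate(reauth_period, mac_aging, frame_times, horizon, model):
    """Return the (start, end) intervals during which the port is unauthorized."""
    frames = sorted(frame_times)
    outages = []
    t = reauth_period                      # first periodic reauthentication
    while t < horizon:
        last = max((f for f in frames if f <= t), default=None)
        cam_fresh = last is not None and t - last <= mac_aging
        if model == "cam" and cam_fresh:
            t += reauth_period             # reauth succeeds from the CAM entry, no gap
            continue
        # no usable source MAC: port drops to unauthorized until the next frame
        nxt = next((f for f in frames if f >= t), None)
        if nxt is None:
            outages.append((t, horizon))   # still down when the model stops
            break
        if nxt > t:
            outages.append((t, nxt))
        t = nxt + reauth_period            # assumed: timer restarts at re-authorization
    return outages


def clock(seconds, base="4:00:00"):
    """Render a model time as wall-clock time relative to the scenario's start."""
    h, m, s = (int(x) for x in base.split(":"))
    total = h * 3600 + m * 60 + s + seconds
    return f"{total // 3600}:{total % 3600 // 60:02d}:{total % 60:02d}"


def post_scenario():
    """The post's scenario: reauth 1 h, aging 5 min, last frame 4:56, next 5:06."""
    frames = [56 * 60, 66 * 60]            # constructed: 4:56:00 and 5:06:00
    return {m: simulate(3600, 300, frames, 2 * 3600, m) for m in ("cam", "frame")}


if __name__ == "__main__":
    for model, gaps in post_scenario().items():
        gaps_txt = ", ".join(f"{clock(a)}-{clock(b)}" for a, b in gaps) or "none"
        print(f"{model:5s}: unauthorized {gaps_txt}")
```

Running it prints no gap for the "cam" hypothesis and a 5:00:00-5:06:00 gap for the "frame" hypothesis; changing the frame list (for example a last frame at 4:54) shows the CAM hypothesis producing the same six-minute gap once the entry has aged out.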


