HPE Aruba > port access > client inactivity timeout problem > for example a printer that sleeps

problem: if you have a device that does not initiate any periodic network traffic, since it sleeps will be forgotten
by the switch, since the default inactivity timer is 5 minutes (300 seconds)

>> you can change this using a local role!

#create a new local role
cx-switch(config)# port-access role printer
cx-switch(config-pa-role)# client-inactivity timeout 4294967295
cx-switch(config-pa-role)# exit

#assign the role to a interface
cx-switch(config)# interface 1/1/16
cx-switch(config-if)# aaa authentication port-access auth-role printer


#sample of a whole interface config, with mac authentication
cx-switch# show running-config interface 1/1/16
interface 1/1/16
no shutdown
no routing
vlan access 14
aaa authentication port-access client-limit 2
aaa authentication port-access reject-role unknown
aaa authentication port-access auth-role printer
aaa authentication port-access mac-auth
cached-reauth
cached-reauth-period 86400
enable
dhcpv4-snooping trust
dhcpv6-snooping trust
loop-protect
exit


#how to mix the role parameters with radius parameters? >> use aaa authentication port-access radius-override
aaa authentication port-access radius-override enable

Description

Enables or disables radius-override support at the interface context. When radius-override support is enabled, a new RADIUS overridden role is created with a combination of LUR/DUR along with RADIUS attributes for the corresponding client-role attributes such as VLANs, captive portal URL, and downloadable gateway role. When the RADIUS override support is disabled, then only the user-roles get applied to the client.

-----------------------------------
documentation
- https://www.arubanetworks.com/techdocs/AOS-CX/10.11/HTML/security_6200-6300-6400/Content/Chp_Port_acc/Port_acc_gen_cmds/aaa-aut-por-acc-rad-ove.htm

computer2know :: thank you for your visit :: have a nice day :: © 2024