- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- Re: Frequency of MAC address authentication (phone...
Comware Based
1752327
Members
6156
Online
108786
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-20-2009 06:57 AM
03-20-2009 06:57 AM
Frequency of MAC address authentication (phones)
Prior to a forthcoming changeover to DHCP networking, we've implemented
MAC address access control on our switches (5500/5500PWR), via a Radius
server. This seems to run perfectly well until we include the PoE switches
(reserved for VoIP telephones & wifi APs only) - invariably within an hour of
doing this our Radius server stops working. It appears that, unlike the
computers which authenticate once and then remain on our network until
they're physically removed, the telephones are constantly re-authenticating
themselves, and the volume of requests is making our server grind to a
halt. Our casual observations reveal that when not in use the phones are
re-authenticating randomly at intervals of between 30secs to 2mins; when
in use they re-authenticate every 60 seconds exactly. Our gut feeling is
that the volume of requests, when coincident with a failed request from an
unauthorised machine, is causing the failure.
Our voice and management are set to the same VLAN, and we haven't
noticed any intermittent rebooting/re-registering of the telephones. Apart
from the fault described above, the telephones seem completely stable.
I've spoken to the people who administer our Cisco Call Manager, and
they're pretty sure this is an issue relating to our 3Com switches.
I'd be very grateful for any advice.
Thanks in advance,
Alastair
MAC address access control on our switches (5500/5500PWR), via a Radius
server. This seems to run perfectly well until we include the PoE switches
(reserved for VoIP telephones & wifi APs only) - invariably within an hour of
doing this our Radius server stops working. It appears that, unlike the
computers which authenticate once and then remain on our network until
they're physically removed, the telephones are constantly re-authenticating
themselves, and the volume of requests is making our server grind to a
halt. Our casual observations reveal that when not in use the phones are
re-authenticating randomly at intervals of between 30secs to 2mins; when
in use they re-authenticate every 60 seconds exactly. Our gut feeling is
that the volume of requests, when coincident with a failed request from an
unauthorised machine, is causing the failure.
Our voice and management are set to the same VLAN, and we haven't
noticed any intermittent rebooting/re-registering of the telephones. Apart
from the fault described above, the telephones seem completely stable.
I've spoken to the people who administer our Cisco Call Manager, and
they're pretty sure this is an issue relating to our 3Com switches.
I'd be very grateful for any advice.
Thanks in advance,
Alastair
1 REPLY 1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-20-2009 08:10 AM
03-20-2009 08:10 AM
Re: Frequency of MAC address authentication (phones)
At first glance this seems more complex than a simple config change and more of a problem for 3Com Tech support to handle than their Forum.
Start with the issue that is the most deterministic first. That would be the 60 Second failure. Your twice as likely to capture info on this issue than some random time between 30 sec-2 mins. Also this has the most enduser impact because the devices are in use when it happens and is probably causing the most impact on your Radius Server
I would suggest a couple of things. I havent dealt with 3Com support much but most support organisation would ask for the following anyway so its still worthwhile
1 Get a packet trace using Wireshark from a port with a phone that fails every 60 seconds.
2 Need the config file from you switch
3 You need to get some logs from the switch around the time of the failure. There are a couple of ways you can do it and all of them are in the manulas just need to do some digging. Serial Connection with Hyperterm, Telnet ( need ro redirect console output to the Telnet session) or syslog. Also I beleive there is a log on the switch itself.
Without some kid of log, trace the following is purely speculation. The 60 Seconds sounds like a a registration timer or polling interval of some sort from the phones or from the switch.
The 30 Sec- 2 Min could be a random keepalive.
When idle the times sounds like a
Start with the issue that is the most deterministic first. That would be the 60 Second failure. Your twice as likely to capture info on this issue than some random time between 30 sec-2 mins. Also this has the most enduser impact because the devices are in use when it happens and is probably causing the most impact on your Radius Server
I would suggest a couple of things. I havent dealt with 3Com support much but most support organisation would ask for the following anyway so its still worthwhile
1 Get a packet trace using Wireshark from a port with a phone that fails every 60 seconds.
2 Need the config file from you switch
3 You need to get some logs from the switch around the time of the failure. There are a couple of ways you can do it and all of them are in the manulas just need to do some digging. Serial Connection with Hyperterm, Telnet ( need ro redirect console output to the Telnet session) or syslog. Also I beleive there is a log on the switch itself.
Without some kid of log, trace the following is purely speculation. The 60 Seconds sounds like a a registration timer or polling interval of some sort from the phones or from the switch.
The 30 Sec- 2 Min could be a random keepalive.
When idle the times sounds like a
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP