Security e-Series

Problem using Port-security with printers

 
FabianoCh
Advisor

Problem using Port-security with printers

Hi, I'am using port-security  userlogin-secure-or-mac-ext. This mode uses 802.1x authentication upon receiving 802.1x packets or uses mac-authentication via Radius upon receiving non-802.1x packets. 

When I reboot the switch, the printer ports are authenticated correctely but they dont get ip address.

If I shutdown the port and put it up again the ip address is assigned normally.

 

I think that its because when the port first goes up after de switch reboot, the comunication with

the dhcp server is not ready as OSPF is still forming adjacency.   So when the printers first send the dhcp request,

they get no answer and then give up trying.  Or, its because the first dhcp requests packets are blocked until the

mac-autentication is done.

 

I've tried to change the mac-authentication timers and get nothing.

 

Have anyone faced this problem  ?  Thanks for any help.

 

my configuration

 port-security enable
#
 dot1x quiet-period
 dot1x timer tx-period 10
 dot1x authentication-method eap

#

 mac-authentication domain mydomain
 mac-authentication user-name-format fixed account xxxx password cipher xxxx

 

 

here is my configuration on interfaces:

 port link-mode bridge
 port link-type hybrid
 port hybrid vlan 1 5 untagged
 voice vlan 15 enable
 mac-vlan enable
 loopback-detection enable
 loopback-detection action semi-block
 port-security port-mode userlogin-secure-or-mac-ext
 dot1x guest-vlan 3
 undo dot1x handshake
 undo dot1x multicast-trigger

 

THANKS FOR ANY HELP.

2 REPLIES 2
JDAIN
Regular Visitor

Re: Problem using Port-security with printers

you can use port-security oui XXXX-XXXX-XXXX index 1, where XXXX-XXXX-XXXX is the MAC address of the printer

 

then in the port

 

port-security port-mode userlogin-withoui

 

 

please let me know if it fix your issue

 

 

FabianoCh
Advisor

Re: Problem using Port-security with printers

Thanks JDAIN, but I need to authenticate using Radius. Finally I solve these issue using these two parameter

in the  radius scheme configuration:

 

timer response-timeout 10
retry 7