- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Web and Unmanaged
- >
- Re: Packet Loss when using MAC Authentication on 1...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-04-2017 12:42 PM
тАО12-04-2017 12:42 PM
Packet Loss when using MAC Authentication on 1920 Switch
We have several HPE 1920-24G switches (JG924A). They are running the latest available firmware. Everything works great on the switch except for when we enable MAC Authentication. When it's enabled, all packets on the switch will drop once or twice every 1-5 minutes. For example, if I have 4 workstations plugged into the switch, all plugged into MAC Authentication enabled ports, and they are all pinging each other, once or twice ever few minutes the ping packets will all timeout at the same time. I only get 1 ping packet timing out, so it's a very brief issue. There are no logs on the switch indicating a problem and there is no MAC authentication happening at the time of the drop. This issue is happening on all of our 1920 switches. I was also able to reproduce it with a new spare 1920 we have and tested with. I contacted HP support and they said it was a configuration issue and offered paid support. If I disable MAC Authentication, the issue goes away, so it's definetly related.
Does anyone have helpful advice or expericence with MAC Authentication?
Below is the relavant configuration settings related to MAC Authentication.
mac-authentication mac-authentication domain MYDOMAIN radius scheme MYRADIUS primary authentication 192.168.5.104 key cipher {Cipher Key Here} secondary authentication 192.168.1.100 key cipher {Cipher Key Here} key authentication cipher {Cipher Key Here} key accounting cipher {Cipher Key Here} user-name-format without-domain domain MYDOMAIN authentication lan-access radius-scheme MYRADIUS authorization lan-access radius-scheme MYRADIUS access-limit disable state active idle-cut disable self-service-url disable
- Tags:
- 1920
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-05-2017 11:58 PM
тАО12-05-2017 11:58 PM
Re: Packet Loss when using MAC Authentication on 1920 Switch
Have you tried to set a higher mac-authentication off-line detect timer. By default it is 5 minutes.
Try to set it higher and see what the result is. As you are pinging, there is traffic so the switch shouldn't throw you out.. but what if there was a bug.. If you change this timer and the behaviour changes you can report that as a bug because that wouldn't be normal.
Set the offline detect timer
mac-authentication timer offline-detect offline-detect-value
Optional
300 seconds by default
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-16-2018 02:28 AM
тАО02-16-2018 02:28 AM
Re: Packet Loss when using MAC Authentication on 1920 Switch
Are there any news regarding this issue? Stumpled upon this problem by preparing a new 1920 for our branch office, strange behavoir. Firmware here is the latest i.e. 5.20.99 Release 1117. Increasing offline detection timer seems to help, but then you can't work with a daisy chained switch, i.e. a NJ5000 on the edge, because the port goes not offline then when the device moves and the user is not amused to wait for reauthenication 1h or so....
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-16-2018 04:40 AM - edited тАО02-19-2018 04:59 AM
тАО02-16-2018 04:40 AM - edited тАО02-19-2018 04:59 AM
Re: Packet Loss when using MAC Authentication on 1920 Switch
Yes, when I lower the value Offline Detection Period value to 60s, every minute 1 or 2 ping pakets are lost. Seems to be a bug, because there is no reason for a reauthentication, therefore I opened a case at HPE.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-28-2018 01:24 AM
тАО02-28-2018 01:24 AM
Re: Packet Loss when using MAC Authentication on 1920 Switch
Here the answer from HPE Support:
...there is a limitation on 1920 that the device cannot detect whether terminal users are still online or not, so by default every "offline detect period" all online users will be logged out by the offline timer and user can re-authenticate to go back online. In the meantime there may be temporary packet dropping or delayed forwarding.
I recommendation is to increase the offline timer so that effect of this limitation of 1920 is minimized.
So that's it. In setups with daisy chained switches behind a 1920 where the port not goes offline when a user moves you can't really use this feature.