
NAC sleeping devices


Chacko
Contributor
Hi,

In our company, we have/had several issues with devices which are authenticated by NAC, but then go into a sleeping mode.
As designed, after 300 seconds the MAC address is flushed from the port and the NAC denies access to the port.

But if you now have a printer, or a UPS etc., the device is not reachable and won't wake up again without a request.

I started to experiment with UPM scripts, so that a static fdb entry is created and deleted with the occurrence of the netlogin logs, but I don't know if that's the right way to do this.

Has anyone experienced similar issues and maybe has an easier solution for this?

Best Regards
Chacko
3 REPLIES 3

OscarK
Extreme Employee
Do you have EXOS switches? On EXOS by default iparp refresh is enabled, which means at 75% of the aging time EXOS would do an ARP request to the device to prevent aging. If on the DGW this is enabled, you change the aging time for fdb on the switch to be the same or higher than the iparp aging time, this iparp refresh mechanism would keep the port active as it could wake up the device without the fdb being aged out?

So, after three days, it really seems to work.
I've set the timeout to 5 minutes and now all the new small printers aren't changing to the "network sleeping mode" and NAC is still working.

Many thanks for that hint, worked well for me 🙂

Yeah, we use EXOS switches (Summit-Family).
We haven't changed the default values for that, so the fdb-entries time out after 300 seconds and the DGW has the standard of 20 minutes iparp timeout - but that is a good idea.
I will set the iparp timeout to 5 minutes next week and will have a look at the printers.

If that's working I would be really happy.
I will keep you updated on this.