This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Extreme Control printers losing connection, state "The session is no longer active due to: User-Request."

Extreme Control printers losing connection, state "The session is no longer active due to: User-Request."

Go to solution
Mark_van_Strien
New Contributor III

‎12-21-2020 09:05 AM

Hi,

I am facing some strange thing.

using MAC authentication on a ERS4900 switch for a Canon printer, the printer is losing connections after a while and the state description in XMC Control is “The session is no longer active due to: User-Request.

what can cause this and how to avoid it?

 

kind regards

 

Mark van Strien

 

 

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Miguel-Angel_RO
Valued Contributor II

‎12-22-2020 10:02 PM

Mark

With such symptoms, I would check the EAP timeouts and double check if STP admin-edge is enabled on the ports.

Mig

View solution in original post

0 Kudos
18 REPLIES 18

Go to solution
Mark_van_Strien
New Contributor III

‎12-22-2020 09:01 PM

Miguel-Angel,

Thank for Helping !

I am using Fabric Attach on the ERS switch.

In the logging of the switch there is no info on ports that are losing there vlan. the only info in log is the info about the toggled port doing a eap authentication and requesting the assigned vlan on the uplink port.

 

kind regards

Mark van Strien

 

0 Kudos

Go to solution
Miguel-Angel_RO
Valued Contributor II

‎12-22-2020 08:22 PM

Mark,

First comment is that Egress-VLANID=0x31 means tagged VLAN while you assign it as PVID.

One ting not clear is if you are doing Fabric-Connect up to the edge or Fabric Attach on the ERS.

Could you clarify?

Here my radius attributes template for BOSS with FC up to the edge:

FA-VLAN-Create=1
FA-VLAN-ISID=%VLAN_ID%:%CUSTOM1%
Egress-VLANID=0x%CUSTOM2%
FA-Service-Request=BPDU
FA-Service-Request=SLPPGUARD
FA-Service-Request=DHCPSNOOP:%VLAN_ID%
Service-Type=%MGMT_SERV_TYPE%

You should check on “show logg sort” to see what kind of event is happening if any.

 

Mig

0 Kudos

Go to solution
Mark_van_Strien
New Contributor III

‎12-22-2020 05:07 PM

Hi all,

So after a day of testing, the problem seems a bit different …..
The printer port  of the switch is losing connection not after a timeout or the printer going to standby but when a other port is doing a eap authentication.

Example 1
Printer is on port 1 of the switch, authenticated and replying to ping. On the switch I toggle port 2 where a mitel phone with mac authentication is booting. The second port 2 receives the vlan assignment port 1 loses the vlan and doesn’t recover.

Example 2
Mitel phone is on port 2 authenticated and replying to ping. Port 1 with the printer is toggled, port 2 loses the vlan for a short time and recovers, ping reply is lost short time but recovers.

It looks like after that after a port toggle and a Eap authentication of a port some ports losing authentication……..

First I look in gtac knowledgebase and found https://extremeportal.force.com/ExtrArticleDetail?an=000072473&q=ers%20eap%20problem

So I upgraded the switch to firmware version v7.8.2.027 but no differed output L

Attributes send by XMC control are:

For the printer on port 1

FA-VLAN-Create=1
Egress-VLANID=0x32000066
FA-VLAN-ISID=102:102
FA-VLAN-PVID=102
FA-Client-Trust=1
FA-Service-Request=WOL

For the Mitel Phone on port 2

FA-VLAN-Create=1
FA-VLAN-ISID=152:152
FA-VLAN-PVID=152
FA-Client-Trust=1
Egress-VLANID=0x31000098

 

Completely confused ….

Kind regards

Mark van Strien

0 Kudos

Go to solution
Miguel-Angel_RO
Valued Contributor II

‎12-21-2020 05:35 PM

Hi Mark,

 

One trick I used for your use case (printers with MAC auth) is to adapt the eapol port settings sending the following radius attribute in the answer:

FA-Service-Request=WOL

This keeps the broadcast and multicast go through even when the port is not authenticated.

That helped on several cases.

You can also do it manually with the following setting in the EDM:

72f6eb0eccd941f88022ea932ba320ac_bca9d042-8bbc-4067-8c37-8feecfede832.png

I would suggest also to keep the firmware of the printers up to date and if possible configured for 802.1X

Regards

 

Mig

0 Kudos

Go to solution
Mark_van_Strien
New Contributor III

‎12-21-2020 04:18 PM

Hello Stephan and Brian,

thanks for helping !!!!

there was a mac and a permanent ping was running on the printer ip. So the switch was using the mac to forward the ping packet. So why dropping the authentication or connection?
If I see the ping stop and I look direct in Extreme Control the state is The session is no longer active due to: User-Request.

I will search the settings of the Canon printer, but other Canon printers without port authentication don’t lose ping or connection when going into standby.

Regard Mark van Strien

0 Kudos
GTM-P2G8KFN