07-03-2025 06:27 AM
Hi,
in our network, we have “silent devices” such as label printers and VoIP phones. These devices are physically connected to the network but do not initiate any active communication. They are intended to be authenticated via NAC.
However, after some time, they become unreachable, as the system considers them "offline"—even though the corresponding port remains active. In this state, the device can no longer be accessed.
As soon as we manually assign a static VLAN to the port, the device starts working properly again.
We are using both EXOS and VOSS. The reauthentication timer is set to 8 hours.
For EXOS, we tried to resolve the issue by setting idle-timeout 0 via NAC, but unfortunately, this did not solve the problem.
Has anyone encountered similar behavior or found a solution?
Thanks
Solved! Go to Solution.
07-04-2025 05:27 AM
The problem here is most of the time the timeout of the FDB entry.
If you haven't done so, you can check the following kb article with some options: https://extreme-networks.my.site.com/ExtrArticleDetail?an=000057116
07-04-2025 06:24 AM
hi
you need to set the session-timeout to 0.
Try to send theses attributes in the radius accept:
Session-Timeout=0
Idle-Timeout=0
NR
rmu
07-07-2025 03:15 AM
Default FDB time-out is 300 sec or 6 min.
Default ARP time-out is 6 hours or 21.600 sec.
Can it help to
regards
WillyHe
07-07-2025 05:25 AM
Some background for this idea.
In the past (suppose it is still the case) when on a L3 interface (VLAN or PORT) a MAC address entry aged, before removing the MAC address and ARP entry from the tables, a ARP request (RE-ARP) was send.
In some network setups, it was then advised to make the FDB time-out few seconds higher then the ARP time-out.
regards
WillyHe