4 weeks ago
Hello,
For many of our customers we have silent devices, such as (old) printers, badge readers, PLCs, etc.
The only "solution" we are using right now is to put a reauth timer of 270, forcing all those devices to reauth every 270 so they stay "awake". This puts quite a strain on the NAC engine.
I'm wondering, is anyone using other solutions?
I thought about increasing mac-aging to 8 hours, but in a large environment it's unclear if some of those devices will send something in those 8 hours.
With other vendors I worked with, we could send an ARP every X seconds to keep them awake or use reauth:0,
but that does not seem to work for VOSS.
Any suggestions?
Thanks!
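The open question in the post above, whether every silent device sends something within an 8-hour MAC aging window, can be checked against observed traffic before changing the timer. The following is an added example, not part of the original post: it computes each device's longest silent period from a constructed log of MAC sightings and lists the devices that would age out. The log format, MAC addresses and function names are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample: one "timestamp,mac" row per frame seen from a device.
# The format and the MAC addresses are assumptions for this example.
SAMPLE_SIGHTINGS = """\
2024-05-01T00:05:00,00:11:22:33:44:01
2024-05-01T06:00:00,00:11:22:33:44:01
2024-05-01T13:30:00,00:11:22:33:44:01
2024-05-01T20:00:00,00:11:22:33:44:01
2024-05-01T07:45:00,00:11:22:33:44:02
2024-05-01T08:10:00,00:11:22:33:44:02
2024-05-01T17:30:00,00:11:22:33:44:02
2024-05-01T02:00:00,00:11:22:33:44:03
2024-05-01T09:00:00,00:11:22:33:44:03
2024-05-01T16:00:00,00:11:22:33:44:03
2024-05-01T23:00:00,00:11:22:33:44:03
"""
WINDOW_START = datetime(2024, 5, 1)
WINDOW_END = datetime(2024, 5, 2)


def max_silence(rows, start, end):
    """Return {mac: longest period with no frame seen} inside [start, end].

    The gaps to both window edges are counted, so each value is a lower
    bound on the real silence (the device may have been quiet before start).
    """
    seen = {}
    for line in rows.strip().splitlines():
        ts, mac = line.split(",")
        seen.setdefault(mac.strip().lower(), []).append(
            datetime.fromisoformat(ts.strip()))
    gaps = {}
    for mac, times in seen.items():
        points = [start] + sorted(times) + [end]
        gaps[mac] = max(b - a for a, b in zip(points, points[1:]))
    return gaps


def would_age_out(gaps, aging):
    """MACs whose longest silence reaches or exceeds the aging timer."""
    return sorted(mac for mac, gap in gaps.items() if gap >= aging)


if __name__ == "__main__":
    gaps = max_silence(SAMPLE_SIGHTINGS, WINDOW_START, WINDOW_END)
    for mac, gap in sorted(gaps.items()):
        print(mac, gap)
    print("age out at 8h:", would_age_out(gaps, timedelta(hours=8)))
```

Devices that never appear in the log produce no entry at all, so compare the result against the inventory of known silent devices as well.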
4 weeks ago
I would recommend upgrading to release 9.2 on switches where silent devices are connected!
The following changes were made recently in VOSS/FabricEngine OS for silent devices:
Rel. 9.1
We made the following auto-sense state machine changes with the purpose of accommodating these kinds of devices
(9.1.0.0)
Enable EAP and flex-uni in WAIT state to be able to authenticate the IoT MAC address (from the first DHCP packet) through the RADIUS Server.
After the VSA from RADIUS is received, we transition the port into the newly added WAIT-EAP state,
in which we also create a SWUNI in the data/onboarding I-SID or the RADIUS-returned VLAN/ISID,
to place the IoT device in the same VLAN as the DHCP Server and make it reachable.
Now, the IoT device will be able to exchange DHCP packets and obtain its DHCP IP.
Rel. 9.2
The solution that was designed for waking up a silent device after the VOSS resets is
to save the MAC and IP address for that device in a file from FLASH and have it persistent after reboot.
When the auto-sense is initializing, we will go through each PORT-MAC-IP-VLAN record from the saved file and force the silent device to send a packet on that port.
This is accomplished by pinging and arping each record when VOSS initializes or when a port is enabled.
Also, regular ARPs+PINGs are sent every 20 seconds to keep the device authenticated and alive.
Nodealias was used to bring the Survive Reboot records to the auto-sense state machine.
Auto-Sense will be responsible for managing the records both in its internal database and in the file.
Also the PINGs and ARPs will be sent from auto-sense.
Just the devices connected to UNI-ONBOARDING auto-sense state will be saved and pinged/arped.
The ARP will be sent if there is any IP configured on the VLAN.
The PING will be sent with source IP = the MGMT IP Address.
Wednesday
Thank you guys so much for the replies.
We will test and implement 9.2 features.
Best regards,
Hedi
3 weeks ago
Hi Team,
Please, could you give more detail about reauth:0?
Cheers!!
EF
4 weeks ago
Also, REAUTH:0 was added in VOSS 9.1.0.0
