This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Silent devices with VOSS

Silent devices with VOSS

Go to solution
Hedi
New Contributor

4 weeks ago

Hello,

For many of our customers we have silent devices, such as  (old) printers, badgereaders,plc's etc..
The only "solution"  we are using right now is the put a reauth timer of 270. Forcing all those devices to reauth every 270 so they stake "awake".this puts quite a strain on the NAC engine.

I'm wondering is anyone using other solutions? 
I thought about increasing mac-aging to 8hours but in large enviorment its unclear if some of those devices will send something in those 8 hours.

With other vendors i worked with we could send an arp every X seconds to keep them awake or use reauth:0
but that does not seem to work  for VOSS.

 

Any suggestions?

Thanks!

0 Kudos
2 ACCEPTED SOLUTIONS

Go to solution
gfriedl
Extreme Employee

4 weeks ago

I would recommend to upgrade to release 9.2 on switches, where silent devices are connected!

There are following changes made recently in VOSS/FabricEngine OS for silent devices:
Rel. 9.1
We made the following auto-sense state machine changes with the purpose of accommodating these kind of devices
(9.1.0.0)
Enable EAP and flex-uni in WAIT state to be able to authenticate the IoT MAC address (from the first DHCP packet) through the RADIUS Server.
After the VSA from RADIUS is received, we transit the port in the newly added WAIT-EAP state,
in which we also create a SWUNI in the data/onboarding I-SID or the Radius returned VLAN/ISID,
to place the IOT device in the same VLAN as the DHCP Server and make it reachable.
Now, the IoT device will be able to exchange DHCP packets and obtain its DHCP IP.

Rel. 9.2
The solution that was designed for waking up a silent device after the VOSS resets is
to save the MAC and IP address for that device in a file from FLASH and have it persistent after reboot.
When the auto-sense is initializing, we will go through each PORT-MAC-IP-VLAN record from the saved file and force the silent device to send a packet on that port.
This is accomplished by pinging and arping each record when VOSS initializes or when a port is enabled.
Also, regular ARPs+PINGs are sent every 20 seconds to keep the device authenticated and alive.
Nodealias was used to bring the Survive Reboot records to the auto-sense state machine.
Auto-Sense will be responsible of managing the records both in its internal database and in the file.
Also the PINGs and ARPs will be sent from auto-sense.
Just the devices connected to UNI-ONBOARDING auto-sense state will be saved and pinged/arped.
The ARP will be sent if there is any IP configured on the VLAN.
The PING will be sent with source IP = the MGMT IP Address.

View solution in original post

Go to solution
Ludovico_Steven
Extreme Employee

4 weeks ago

Also, REAUTH:0 was added in VOSS 9.1.0.0

View solution in original post

4 REPLIES 4

Go to solution
Hedi
New Contributor

Wednesday

Thank you guys so much for the replies.
We will test and implement 9.2 features.

Best regards,

Hedi

0 Kudos

Go to solution
EF
Contributor III

3 weeks ago

Hi Team,

Please, could you give more detail about reauth:0?

Cheers!!

 

EF

0 Kudos

Go to solution
Ludovico_Steven
Extreme Employee

4 weeks ago

Also, REAUTH:0 was added in VOSS 9.1.0.0

Go to solution
gfriedl
Extreme Employee

4 weeks ago

I would recommend to upgrade to release 9.2 on switches, where silent devices are connected!

There are following changes made recently in VOSS/FabricEngine OS for silent devices:
Rel. 9.1
We made the following auto-sense state machine changes with the purpose of accommodating these kind of devices
(9.1.0.0)
Enable EAP and flex-uni in WAIT state to be able to authenticate the IoT MAC address (from the first DHCP packet) through the RADIUS Server.
After the VSA from RADIUS is received, we transit the port in the newly added WAIT-EAP state,
in which we also create a SWUNI in the data/onboarding I-SID or the Radius returned VLAN/ISID,
to place the IOT device in the same VLAN as the DHCP Server and make it reachable.
Now, the IoT device will be able to exchange DHCP packets and obtain its DHCP IP.

Rel. 9.2
The solution that was designed for waking up a silent device after the VOSS resets is
to save the MAC and IP address for that device in a file from FLASH and have it persistent after reboot.
When the auto-sense is initializing, we will go through each PORT-MAC-IP-VLAN record from the saved file and force the silent device to send a packet on that port.
This is accomplished by pinging and arping each record when VOSS initializes or when a port is enabled.
Also, regular ARPs+PINGs are sent every 20 seconds to keep the device authenticated and alive.
Nodealias was used to bring the Survive Reboot records to the auto-sense state machine.
Auto-Sense will be responsible of managing the records both in its internal database and in the file.
Also the PINGs and ARPs will be sent from auto-sense.
Just the devices connected to UNI-ONBOARDING auto-sense state will be saved and pinged/arped.
The ARP will be sent if there is any IP configured on the VLAN.
The PING will be sent with source IP = the MGMT IP Address.

li.common.scroll-to.top
GTM-P2G8KFN