[c-nsp] 802.1x - clients that go to sleep
Phil Mayers
p.mayers at imperial.ac.uk
Tue Feb 7 09:06:56 EST 2012
On 07/02/12 13:29, Aaron Riemer wrote:
> Hi Phil,
>
> Thanks for your response.
>
> Essentially I don't want to see a bunch of spurious dot1x failures in my log
> as it makes life hard when you are trying to troubleshoot real dot1x failed
> authentication attempts. I would prefer that the switch didn't send the
> authorization attempts and rather be more passive and only forward
> supplicant EAP START messages. Setting the reauth timer might work so long
> as the supplicants do actually send an EAP START message when they wake up
> (haven't tested this yet).
Ah, gotcha.
As I'm sure you're aware, when machines go to sleep they normally go
link-down, then link-up (at 10meg, usually). They normally then sit
there, and don't emit a packet.
Are you seeing the switch send EAP-Identity packets, after link-up, even
though the host hasn't emitted a packet?
More information about the cisco-nsp
mailing list