Hello all, I am curious how people are dealing with printers and 802.1x. We are using MAB to authenticate the devices, which works fine. We have begun to implement the black hole concept as our next phase. We have built a vlan 86 that is strictly layer 2, we put all of the ports into that vlan and then use dynamic vlan assignment to place them into the correct vlan. That too works fine; the issue we have been running into is when the printer goes into hibernate/sleep mode. I am guessing that causes an up/down event on the switch which will cause the 802.1x authentication process to start over. When that happens the devices end up in vlan 86 and MAB is stuck in the running state because the device is not talking on the network.
I have tried enabling ip device tracking but that didn't help. I am going to set up a ping probe using InterMapper to ping the device and see if that keeps it active, but I am curious if anyone out there has run into issues with printers and, if so, how have they dealt with them. Thanks!
I agree with Adam, WoL feature would help you here. Could you please paste the port configuration here?
Most WoL endpoints flap the link when going into hibernation or standby mode, thus clearing any existing MAB authenticated session. By default, traffic through the unauthorized port will be blocked in both directions, and the magic packet will never get to the sleeping endpoint. To support WoL in a MAB environment, you can configure a Cisco Catalyst switch to modify the control direction of the port, allowing traffic to the endpoint while still controlling traffic from the endpoint. This approach allows the hibernating endpoint to receive the WoL packet while still preventing the unauthorized endpoint from sending any traffic to the network. After it is awakened, the endpoint can authenticate and gain full access to the network. Control direction works the same with MAB as it does with IEEE 802.
Switch(config)# interface fastethernet 5/1
Switch(config-if)# authentication control-direction in
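The symptom from the original question (ports left with MAB in the running state) can be picked out of switch output before users report a dead printer. This is an added example, not part of any post in the thread; the sample text is constructed, its column layout is an assumption modeled on `show authentication sessions`, and the function names are hypothetical.

```python
import re

# Constructed sample; column layout is an assumption modeled on
# `show authentication sessions` output.
SAMPLE = """\
Interface  MAC Address     Method  Domain   Status         Session ID
Gi1/0/1    0011.2233.4455  mab     DATA     Authz Success  0A0A0A0A0000000A00010000
Gi1/0/2    (unknown)       mab     UNKNOWN  Running        0A0A0A0A0000000B00020000
Gi1/0/3    0011.2233.4477  dot1x   DATA     Authz Success  0A0A0A0A0000000C00030000
Gi1/0/4    0011.2233.4488  mab     DATA     Authz Failed   0A0A0A0A0000000D00040000
Gi1/0/5    0011.2233.4499  mab     UNKNOWN  Running        0A0A0A0A0000000E00050000
"""

# Status may contain a space ("Authz Success"), so it is matched lazily and
# anchored by the hexadecimal session ID that ends each data row.
ROW = re.compile(
    r"^(?P<interface>\S+)\s+(?P<mac>\S+)\s+(?P<method>\S+)\s+(?P<domain>\S+)\s+"
    r"(?P<status>.+?)\s+(?P<session>[0-9A-Fa-f]{8,})$"
)


def parse_sessions(text):
    """Return one dict per session row; header and blank lines are skipped."""
    sessions = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            sessions.append(match.groupdict())
    return sessions


def stuck_mab_ports(sessions):
    """List (interface, reason) for MAB sessions that never left Running.

    A row with no learned MAC means the switch has seen no frame from the
    endpoint since link-up, which is what a sleeping printer looks like.
    """
    stuck = []
    for s in sessions:
        if s["method"].lower() == "mab" and s["status"].lower() == "running":
            silent = s["mac"].lower() == "(unknown)"
            reason = "no MAC learned" if silent else "MAC learned, no result yet"
            stuck.append((s["interface"], reason))
    return stuck


if __name__ == "__main__":
    for port, reason in stuck_mab_ports(parse_sessions(SAMPLE)):
        print(f"{port}: MAB running ({reason})")
```
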