No 'authentication control-direction in' equivalent on CBS350 switch

RobertKarsai
Level 1

Hi All,

Has anybody ever run into a problem in a MAC auth environment where certain printers or other embedded devices (as they tend to remain silent) just time out from the FDB? When they time out from the FDB they lose their MAC authentication on the switch too, and there is no way to wake them up unless they do something on their own (like an NTP request). This traffic then makes those devices authenticated and available again for a while, but eventually their FDB records will time out again soon, and then their authentication is also dropped. In this state, the port does not receive or send packets until the authentication process has been completed, and authentication can only be initiated by the device itself (like sending a packet to an NTP server). So... in IOS there is a port command to avoid this, "authentication control-direction in" (instead of the default "authentication control-direction both"). I cannot seem to find the CBS counterpart of this command on CBS350 series switches.

BR
Robert

4 Replies

Arne Bier
VIP

Oh dear. That old chestnut. I have not played with those switches. If the command doesn't exist (in the CLI), then does the switch support something like a device tracking feature? You could try using DT to send periodic ARP probes to the endpoint to force it to respond often enough.

RobertKarsai
Level 1

Yeah, it was a good idea, thanks, but the CBS350 series has no IPDT. I'm starting to embrace the idea of a duct-tape solution: most or all embedded devices need to be pinged every few minutes so that the replies will keep them connected.
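Added example, not part of the original thread: a minimal sketch of the ping keepalive described in the reply above, run from any host that can reach the devices. The addresses (documentation range), the 300-second aging time and all function names are assumptions; read the real MAC aging time from the switch and keep the probe interval well below it. A host that stops answering is only reported, because once its session is dropped the port blocks traffic in both directions and a ping cannot bring it back.

```python
import subprocess
import time

def safe_interval(aging_s, margin=0.5):
    """Probe interval that stays well inside the FDB aging time."""
    if aging_s <= 0 or not 0 < margin < 1:
        raise ValueError("aging_s must be > 0 and margin between 0 and 1")
    return max(1, int(aging_s * margin))

def ping_once(host, timeout_s=2):
    """One ICMP echo using the system ping (Linux iputils flags assumed)."""
    result = subprocess.run(
        ["ping", "-c", "1", "-W", str(timeout_s), host],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0

def sweep(hosts, misses, probe=ping_once, max_misses=2):
    """Probe every host once; return those that missed max_misses in a row.

    A reply resets the counter (the device transmitted, so its FDB entry
    and MAC auth session were refreshed). Repeated misses mean the session
    has probably already been dropped and needs manual attention.
    """
    stale = []
    for host in hosts:
        if probe(host):
            misses[host] = 0
        else:
            misses[host] = misses.get(host, 0) + 1
            if misses[host] >= max_misses:
                stale.append(host)
    return stale

def run(hosts, aging_s, probe=ping_once, sleep=time.sleep, rounds=None):
    """Sweep forever (or for `rounds` sweeps); return the last stale list."""
    interval, misses, stale, done = safe_interval(aging_s), {}, [], 0
    while rounds is None or done < rounds:
        stale = sweep(hosts, misses, probe)
        for host in stale:
            print(f"{host}: no reply, MAC auth session may be gone")
        done += 1
        sleep(interval)
    return stale

if __name__ == "__main__":
    # Constructed sample inventory; 300 s is an assumed aging time.
    run(["192.0.2.10", "192.0.2.11"], aging_s=300)
```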

RobertKarsai
Level 1

Do you happen to know how I could initiate a feature request for this? It is somewhat fishy that basically no embedded systems can be used with CBS350 802.1X because of this missing feature. If a switch supports 802.1X it should have this too.

Arne Bier
VIP

Sorry, I don't have any ideas or links about that product or its business unit. Perhaps start with your friendly Cisco SE/AM and let them find out the alias/web page to submit a request. Some BUs (like the one that makes ISE) are really switched on and they put these "Make a Wish" URLs into their product. Smart move.