The second example you post shows more or less multiples of 1 hour, and 3600 seconds (one hour), is the default reauthentication timeout. Further from what you describe, the behavior with a client authenticating every 3 minutes (approximately), only when the client is locked, that may be that the client goes into power saving and wakes up every 3 minutes or so. Just thinking out loud. Can you try to disable sleep/power saving in the network adapter?
The logs you see are authentication logs, not alerts or errors. The client and switch perform authentication. This looks like normal behavior to me.
The output of the switch command: 'show port-access clients interface 1/1/1 detail' (replace 1/1/1 with the interface where your client is connected to), may provide more information. But for now, I think you should look in the client.
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check
for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Apr 29, 2025 01:56 PM
From: gmann101
Subject: Access Tracker - Continuous Authentication Requests
Hi Jonas,
Upon further review of the logs, I see that similar behavior is occurring on some other client machines that I am testing with. In another scenario, the client machine is just at the login screen with no actual user logged in, and the machine appears to undergo authentication using Method 1 (Machine Auth), at different intervals, as shown in the time stamp:
Here is my switch config:
--------------------------------------------------------------------------------------------------
; JL322A Configuration Editor; Created on release #WC.16.11.0021
; Ver #14:67.6f.f8.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:44
hostname "TEST-SWITCH"
module 1 type jl322a
flexible-module A type JL083A
console idle-timeout 600
console idle-timeout serial-usb 600
fault-finder broadcast-storm sensitivity high
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-hdx sensitivity high
fault-finder duplex-mismatch-fdx sensitivity high
fault-finder link-flap sensitivity low
trunk 8 trk10 lacp
include-credentials
password manager user-name "manager" sha1 "XXXXXXXXXXXXXXXXXXXXXXXXX"
radius-server host X.X.X.X key "xxxxxxxxx"
radius-server host X.X.X.X key "xxxxxxxxx" acct-port 1646 auth-port 1645
radius-server host X.X.X.X time-window 0
timesync ntp
no sntp
sntp 30
ntp unicast
ntp server X.X.X.X burst
ntp server X.X.X.X min-poll 4 max-poll 4
ntp server X.X.X.X burst
ntp server X.X.X.X min-poll 4 max-poll 4
ntp enable
tacacs-server host X.X.X.X key "xxxxxx"
no telnet-server
time daylight-time-rule continental-us-and-canada
time timezone -480
no web-management
ip default-gateway X.X.X.X
ip dns server-address priority 1 X.X.X.X
ip dns server-address priority 2 X.X.X.X
ip client-tracker trusted
interface 1
name "UPLINK***_[ETH-1]"
exit
interface 2
name "DATA"
exit
interface 3
name "DATA"
exit
interface 4
name "DATA"
exit
interface 5
name "DATA"
exit
interface 6
name "DATA"
exit
interface 7
name "DATA"
exit
interface 8
name "DATA"
exit
interface 9
name "DATA"
exit
interface 10
name "DATA"
exit
interface 11
name "DATA"
exit
interface 12
name "DATA"
exit
interface 13
name "DATA"
exit
interface 14
name "DATA"
exit
interface 15
name "DATA"
exit
interface 16
name "DATA"
exit
interface 17
name "DATA"
exit
interface 18
name "DATA"
exit
interface 19
name "DATA"
exit
interface 20
name "DATA"
exit
interface 21
name "DATA"
exit
interface 22
name "DATA"
exit
interface 23
name "DATA"
exit
interface 24
name "DATA"
exit
interface 25
name "DATA"
exit
interface 26
name "DATA_&_VOICE"
exit
interface 27
name "DATA_&_VOICE-"
exit
interface 28
name "DATA_&_VOICE"
exit
interface 29
name "DATA_&_VOICE"
exit
interface 30
name "DATA_&_VOICE"
exit
interface 31
name "DATA_&_VOICE"
exit
interface 32
name "DATA_&_VOICE"
exit
interface 33
name "DATA_&_VOICE"
exit
interface 34
name "DATA_&_VOICE"
exit
interface 35
name "DATA_&_VOICE"
exit
interface 36
name "DATA_&_VOICE"
exit
interface 37
name "DATA_&_VOICE"
exit
interface 38
name "DATA_&_VOICE"
exit
interface 39
name "DATA_&_VOICE"
exit
interface 40
name "DATA_&_VOICE"
exit
interface 41
name "DATA_&_VOICE"
exit
interface 42
name "DATA_&_VOICE"
exit
interface 43
name "DATA_&_VOICE"
exit
interface 44
name "DATA_&_VOICE"
exit
interface 45
name "DATA_&_VOICE"
exit
interface 46
name "DATA_&_VOICE"
exit
interface 47
name "DATA_&_VOICE"
speed-duplex 10-full
exit
interface 48
name "DATA"
exit
snmp-server community "public"
snmp-server contact "XXXXXXXX" location "XXXXX"
snmpv3 engineid "00:00:00:00:00:00:00:00:00:00:00:00"
aaa server-group radius "cppm_radius" host X.X.X.X
aaa server-group radius "cppm_radius" host X.X.X.X
aaa accounting update periodic 5
aaa accounting commands stop-only tacacs
aaa accounting exec start-stop tacacs
aaa accounting network start-stop radius server-group "cppm_radius"
aaa accounting system stop-only tacacs
aaa authentication login privilege-mode
aaa authentication ssh login tacacs
aaa authentication ssh enable tacacs
aaa authentication port-access eap-radius server-group "cppm_radius"
aaa authentication mac-based chap-radius server-group "cppm_radius"
aaa port-access authenticator 3,5-7,9,11,13,15-21,23,25,27,29
aaa port-access authenticator 3 tx-period 10
aaa port-access authenticator 3 supplicant-timeout 10
aaa port-access authenticator 3 client-limit 3
aaa port-access authenticator 5 tx-period 5
aaa port-access authenticator 5 supplicant-timeout 10
aaa port-access authenticator 5 server-timeout 10
aaa port-access authenticator 5 client-limit 10
aaa port-access authenticator 6 tx-period 10
aaa port-access authenticator 6 supplicant-timeout 10
aaa port-access authenticator 6 server-timeout 5
aaa port-access authenticator 6 client-limit 10
aaa port-access authenticator 7 tx-period 10
aaa port-access authenticator 7 supplicant-timeout 10
aaa port-access authenticator 7 server-timeout 10
aaa port-access authenticator 7 client-limit 3
aaa port-access authenticator 9 tx-period 5
aaa port-access authenticator 9 supplicant-timeout 10
aaa port-access authenticator 9 server-timeout 10
aaa port-access authenticator 9 client-limit 3
aaa port-access authenticator 11 tx-period 10
aaa port-access authenticator 11 supplicant-timeout 10
aaa port-access authenticator 11 server-timeout 10
aaa port-access authenticator 11 client-limit 5
aaa port-access authenticator 13 tx-period 5
aaa port-access authenticator 13 supplicant-timeout 10
aaa port-access authenticator 13 server-timeout 10
aaa port-access authenticator 13 client-limit 3
aaa port-access authenticator 15 tx-period 5
aaa port-access authenticator 15 supplicant-timeout 10
aaa port-access authenticator 15 server-timeout 10
aaa port-access authenticator 15 client-limit 10
aaa port-access authenticator 16 tx-period 10
aaa port-access authenticator 16 supplicant-timeout 15
aaa port-access authenticator 16 server-timeout 10
aaa port-access authenticator 16 client-limit 10
aaa port-access authenticator 17 tx-period 10
aaa port-access authenticator 17 supplicant-timeout 15
aaa port-access authenticator 17 server-timeout 10
aaa port-access authenticator 17 client-limit 10
aaa port-access authenticator 18 tx-period 10
aaa port-access authenticator 18 supplicant-timeout 15
aaa port-access authenticator 18 server-timeout 10
aaa port-access authenticator 18 client-limit 10
aaa port-access authenticator 19 tx-period 10
aaa port-access authenticator 19 supplicant-timeout 15
aaa port-access authenticator 19 server-timeout 10
aaa port-access authenticator 19 client-limit 10
aaa port-access authenticator 20 tx-period 10
aaa port-access authenticator 20 supplicant-timeout 15
aaa port-access authenticator 20 server-timeout 10
aaa port-access authenticator 20 client-limit 10
aaa port-access authenticator 21 tx-period 10
aaa port-access authenticator 21 supplicant-timeout 20
aaa port-access authenticator 21 server-timeout 30
aaa port-access authenticator 21 client-limit 5
aaa port-access authenticator 23 tx-period 10
aaa port-access authenticator 23 supplicant-timeout 20
aaa port-access authenticator 23 server-timeout 30
aaa port-access authenticator 23 client-limit 5
aaa port-access authenticator 25 tx-period 10
aaa port-access authenticator 25 supplicant-timeout 10
aaa port-access authenticator 25 server-timeout 10
aaa port-access authenticator 25 client-limit 5
aaa port-access authenticator 27 tx-period 10
aaa port-access authenticator 27 supplicant-timeout 20
aaa port-access authenticator 27 server-timeout 30
aaa port-access authenticator 27 client-limit 3
aaa port-access authenticator 29 tx-period 10
aaa port-access authenticator 29 supplicant-timeout 10
aaa port-access authenticator 29 server-timeout 10
aaa port-access authenticator 29 client-limit 3
aaa port-access authenticator active
aaa port-access mac-based 3,5-7,9,11,13,15-21,23,25,27,29
aaa port-access mac-based 3 addr-limit 10
aaa port-access mac-based 5 addr-limit 10
aaa port-access mac-based 6 addr-limit 10
aaa port-access mac-based 7 addr-limit 10
aaa port-access mac-based 9 addr-limit 3
aaa port-access mac-based 11 addr-limit 5
aaa port-access mac-based 13 addr-limit 3
aaa port-access mac-based 21 addr-limit 5
aaa port-access mac-based 23 addr-limit 5
aaa port-access mac-based 25 addr-limit 5
aaa port-access mac-based 27 addr-limit 5
aaa port-access mac-based 29 addr-limit 3
aaa port-access 3 auth-order mac-based authenticator
aaa port-access 3 auth-priority authenticator mac-based
aaa port-access 5 auth-order authenticator mac-based
aaa port-access 5 auth-priority authenticator mac-based
aaa port-access 9 auth-order authenticator mac-based
aaa port-access 9 auth-priority authenticator mac-based
aaa port-access 11 auth-order authenticator mac-based
aaa port-access 11 auth-priority authenticator mac-based
aaa port-access 13 auth-order authenticator mac-based
aaa port-access 13 auth-priority authenticator mac-based
aaa port-access 15 auth-order authenticator mac-based
aaa port-access 15 auth-priority authenticator mac-based
aaa port-access 16 auth-order mac-based authenticator
aaa port-access 16 auth-priority authenticator mac-based
aaa port-access 17 auth-order mac-based authenticator
aaa port-access 17 auth-priority authenticator mac-based
aaa port-access 18 auth-order mac-based authenticator
aaa port-access 18 auth-priority authenticator mac-based
aaa port-access 19 auth-order mac-based authenticator
aaa port-access 19 auth-priority authenticator mac-based
aaa port-access 20 auth-order mac-based authenticator
aaa port-access 20 auth-priority authenticator mac-based
aaa port-access 21 auth-order mac-based authenticator
aaa port-access 21 auth-priority authenticator mac-based
aaa port-access 23 auth-order authenticator mac-based
aaa port-access 23 auth-priority authenticator mac-based
aaa port-access 25 auth-order authenticator mac-based
aaa port-access 25 auth-priority authenticator mac-based
aaa port-access 27 auth-order authenticator mac-based
aaa port-access 27 auth-priority authenticator mac-based
aaa port-access 29 auth-order authenticator mac-based
aaa port-access 29 auth-priority authenticator mac-based
oobm
ip address dhcp-bootp
ipv6 enable
ipv6 address dhcp full
exit
vlan 1
name "DEFAULT_VLAN"
no untagged 2,4-5,7,9-48
untagged 1,3,6,A1-A4,Trk10
ip address dhcp-bootp
ipv6 enable
ipv6 address dhcp full
exit
vlan 5
name "MANAGEMENT"
untagged 48
tagged 1
ip address x.x.x.x 255.255.255.0
exit
vlan 14
name "SERVERS"
tagged 1
no ip address
exit
vlan 99
name "QUARANTINE-CPPM"
tagged 1
no ip address
exit
vlan 101
name "VOICE"
tagged 1-2,4-5,7,9-42
no ip address
voice
exit
vlan 201
name "DATA"
untagged 2,4-5,7,9-42
tagged 1
no ip address
exit
vlan 301
name "HVAC"
untagged 47
tagged 1
no ip address
exit
vlan 351
name "WIFI-GUEST"
tagged 1,43-46
no ip address
exit
vlan 401
name "GUEST_WIRED"
tagged 1
no ip address
exit
vlan 451
name "WIFI-CORP"
tagged 1,43-46
no ip address
exit
vlan 501
name "WIFI_AP"
untagged 43-46
tagged 1
no ip address
exit
vlan 601
name "CCTV/SECURITY"
tagged 1
no ip address
exit
vlan 701
name "A/V"
tagged 1
no ip address
exit
vlan 801
name "PCI"
tagged 1
no ip address
exit
vlan 901
name "FUTURE"
tagged 1
no ip address
exit
spanning-tree
spanning-tree Trk10 priority 4
allow-unsupported-transceiver
device-profile name "default-ap-profile"
untagged-vlan 501
tagged-vlan 351,451
exit
device-profile type "aruba-ap"
enable
exit
Switchport Config
------------------------
interface 25
name "DATA_&_VOICE"
tagged vlan 101
untagged vlan 201
aaa port-access authenticator
aaa port-access authenticator tx-period 10
aaa port-access authenticator supplicant-timeout 10
aaa port-access authenticator server-timeout 10
aaa port-access authenticator client-limit 5
aaa port-access mac-based
aaa port-access mac-based addr-limit 5
aaa port-access auth-order authenticator mac-based
aaa port-access auth-priority authenticator mac-based
exit
Original Message:
Sent: Apr 29, 2025 01:04 AM
From: jonas.hammarback
Subject: Access Tracker - Continuous Authentication Requests
Hi
This is not a ClearPass issue. ClearPass just answer incoming requests.
Instead the question is why there are so frequent requests.
Either you have configuration on the switch that trigger new authentications every three minutes or the client have some setting.
Is it the same for all clients and what happens if you reboot the client and the user doesn't log on. In that situation only TEAP method 1 is successful, does this change the behavior?
If you post the switch config this may help to give a hint of the problem.
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
Original Message:
Sent: Apr 28, 2025 07:36 PM
From: gmann101
Subject: Access Tracker - Continuous Authentication Requests
Hi Everyone. I am running into a situation where I am seeing continuous authentication events within the access tracker where one a user has signed into to a PC, and locked it. When clicking on any of the events within the access tracker it shows that both Machine Auth and User Auth are successful, while using the TEAP protocol, but I am unable to identity why I am seeing continuous auth events, which seem to show up every 3 minutes or so. As soon the user signs back into the PC, the alerts stop.
What might be the cause as to why these alerts are being generated? Thanks