MX and Hybrid Auth

RaphaelL

Hi,

We have a setup with MX68 with all ports configured with Hybrid Auth (802.1X and MAB). In certain regions, we often lose power and the MX will reboot.

Most of the time (90% of the time), the devices directly connected to the MX will be up before the MX has time to get the VPN tunnels up. Since the VPN tunnel is not up yet, the 802.1X and MAB auth fails. On the MX there is an 802.1X reauth timer of 1 hour, so the devices that support 802.1X will re-auth after 1 hour and will come up online (not ideal but still better than nothing). The MX does not support CoA (yet?) so we can't do anything to force a re-auth.

However, many devices do not support .1X and will fail to auth and will never re-auth unless you do a port cycle (which we can't do on an MX) or you unplug the Ethernet cable.

Do you guys experience this? Any wild suggestion?

We can't disable the port because the MXs are in a big template with many other sites; we can't place a small 8 port switch (too expensive, too many sites). I feel like I'm out of options (simple ones though).

Thanks,

3 Replies
PhilipDAth

That is tricky.

Could you ask Meraki support to increase the RADIUS timeout timer, to be longer than the time it takes the VPN to come up? For example, 3 attempts 60s apart.

RaphaelL

Good idea! However, Meraki has stated that the re-auth timer is a fixed 1h because of hardware limitation.

It would be great to adapt the firmware to reprocess the auth either on a timer like you suggested or via the dashboard (e.g.: re-auth all clients in the "Tools" tab or something like that).

PhilipDAth

> Good idea! However, Meraki has stated that the re-auth timer is a fixed 1h because of hardware limitation.

That's why I think having the RADIUS timeout adjusted would be the easiest thing to try.
