I've got about 200 ex2200 and ex2300s (used as L2 switches) where we've just moved to macauth our wired devices. Our reauth time is 10 minutes, though we're going to want to move that higher once our conversion is complete.
In general, this works fine. But as many people find, we have issues with "quiet nodes" like scanners, HVAC, alarm, etc. These devices talk for the first one or two authentication attempts, but then the device disappears from the ethernet-switching table. The auths then fail because the devices do not send any traffic. They are static IP'd so there's no periodic DHCP. They don't use NTP, or send SNMP traps.
Once they expire from the ethernet-switching table, they remain in our firewall (where L3 and DHCP relay are) ARP table for 30 minutes total.
To address this, I set the "protocols l2-learning global-mac-table-aging-time" to be 1800 seconds (30 min - like the firewall ARP). What I wonder is how do I tell what the remaining time before aging out is? If I was arping on the switches, I could see it here. The run show dot1x interface command shows me the time to reauth.
When I look at the ethernet-switching table, I see:
So how can I see how much longer is left before the entry ages out?
Also, has anyone had similar "quiet node" issues, and how did you deal with it?