If a port is configured for "authOptional", the switch stops sending re-auth requests to the RADIUS server

Question
If a port is configured for "authOptional", the switch stops sending re-auth requests to the RADIUS server.
Environment
  • EXOS 16.1 and higher
  • Netlogin
  • RADIUS
  • authOptional (authentication mode optional)
Answer
This is expected behavior with “authentication mode optional” in EXOS.

Observation:
  • With authentication optional mode, traffic from the client is allowed even when the client is not authenticated; that is, authentication is not mandatory.
  • If the client fails to authenticate for any reason (server unreachable, wrong password, or some other reason), the switch still adds the MAC to the FDB table and stops initiating re-auth requests to the RADIUS server.
  • The next authentication is triggered only when the FDB entry ages out or “clear fdb” is executed.
  • If the client authenticates successfully in this mode, the switch continues to send a re-auth request after every policy session time-out.
  • Because this scenario concerns a client that failed authentication, the session time-out does not apply.
  • After the aging time expires, the failed entries are deleted from netlogin; however, the FDB entries are not cleared.

Workaround:
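Use a UPM script that clears the FDB entries of deleted netlogin clients. The EMS configuration below forwards the nl.mac.DeleteClient log event to the UPM profile re_auth, which runs “clear fdb” on the MAC carried in the event.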
* X440G2-24t-10G.1 # show configuration "ems"
#
# Module ems configuration.
#
enable log debug-mode
create log filter upm_re_auth
configure log filter upm_re_auth add events nl.mac.DeleteClient
create log target upm re_auth
enable log target upm re_auth
configure log target upm re_auth filter upm_re_auth severity Debug-Summary only


* X440G2-24t-10G.2 # show configuration "upm"
#
# Module upm configuration.
#
create upm profile re_auth
enable cli scripting
if (!$match($EVENT.LOG_EVENT,DeleteClient)) then
clear fdb $EVENT.LOG_PARAM_1
endif

.


 