NEAP devices not getting re-authenticated after RADIUS reject

Symptoms
Non-EAPoL (NEAP) devices for which the first authentication attempt fails are not re-authenticated, even when re-authentication is configured (globally and on ports). Such client devices remain in the Guest VLAN.

Example: A NEAP client has not been added to the RADIUS database linked with the authentication policy, so it fails authentication. Later, the client MAC address is added, but the device never gets authenticated (re-authentication does not occur).
Environment
  • ERS 3500
  • ERS 3600
  • ERS 4800
  • ERS 4900
  • ERS 5900
  • All supported software releases.
Cause
Working as designed. Re-authentication, as its name suggests, applies to client devices that are authenticated. There must be an initial authentication event before re-authentication can occur (after the re-authentication timer expires).
Resolution
To overcome this problem, configure a RADIUS policy that authorizes client devices that fail authentication on the Guest VLAN. As a result, these clients are authenticated from the switch's perspective (although they are authorized on the Guest VLAN only), and expiration of the re-authentication timer will then successfully trigger an authentication attempt.
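
The difference between the two behaviours can be seen in a small model. This is an added example, not vendor code or switch firmware logic: the class names, VLAN IDs and MAC address are constructed, and the `catch_all_guest` flag stands in for the RADIUS policy described above.

```python
"""Toy model of NEAP re-authentication (constructed; not switch firmware logic)."""

GUEST_VLAN = 99   # constructed VLAN IDs
CORP_VLAN = 10


class Radius:
    def __init__(self, catch_all_guest=False):
        self.macs = {}                       # MAC -> VLAN for known NEAP clients
        self.catch_all_guest = catch_all_guest

    def authenticate(self, mac):
        """Return the authorized VLAN (Access-Accept) or None (Access-Reject)."""
        if mac in self.macs:
            return self.macs[mac]
        return GUEST_VLAN if self.catch_all_guest else None


class Port:
    def __init__(self, radius):
        self.radius = radius
        self.sessions = {}                   # authenticated clients only
        self.unauthenticated = set()         # rejected clients parked in Guest VLAN

    def client_seen(self, mac):
        vlan = self.radius.authenticate(mac)
        if vlan is None:
            self.unauthenticated.add(mac)    # a reject creates no session
        else:
            self.sessions[mac] = vlan

    def reauth_timer_expired(self):
        # Re-authentication walks existing sessions; rejected clients are skipped.
        for mac in list(self.sessions):
            vlan = self.radius.authenticate(mac)
            if vlan is None:
                del self.sessions[mac]
                self.unauthenticated.add(mac)
            else:
                self.sessions[mac] = vlan

    def vlan_of(self, mac):
        return self.sessions.get(mac, GUEST_VLAN)


def run(catch_all_guest, mac="00:11:22:33:44:55"):
    """Return (VLAN, has_session) after the MAC is added and the timer fires."""
    radius = Radius(catch_all_guest)
    port = Port(radius)
    port.client_seen(mac)                    # MAC not yet in the RADIUS database
    radius.macs[mac] = CORP_VLAN             # administrator adds the MAC later
    port.reauth_timer_expired()
    return port.vlan_of(mac), mac in port.sessions
```

Without the catch-all policy the client stays in the Guest VLAN with no session; with it, the timer expiry re-queries RADIUS and the client moves to its assigned VLAN.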