Reset Search



NEAP devices not getting re-authenticated after RADIUS reject

« Go Back


TitleNEAP devices not getting re-authenticated after RADIUS reject
Non-EAPoL (NEAP) devices, for which the first authentication attempt fails, are not getting re-authenticated even if re-authentication is configured (globally, and on ports). Such client devices are kept in Guest VLAN. 

Example: A NEAP client is not present (not added) to the RADIUS database linked with the authentication policy, so it fails authentication. Later, the client MAC address is added, but the device never gets authenticated (re-authentication does not occur).
  • ERS 3500
  • ERS 3600
  • ERS 4800
  • ERS 4900
  • ERS 5900
  • All supported software releases.
Working as designed. Re-authentication, as its name suggests, applies to client devices that are authenticated. There has to be an initial authentication event for re-authentication to occur (after re-authentication timer expires).
To overcome this problem, a RADIUS policy for client devices that fail authentication authorizing them on Guest VLAN can be configured. This will effect in clients getting authenticated from the switch perspective (albeit it will be authorized on Guest VLAN only). Expiration of the re-authentication timer will successfully trigger authentication attempt.
Additional notes



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255