End-system (ES) authenticated (dot1x and/or MAC), three scenarios may follow from here:
- Operator uses NAC Manager or the browser to trigger ES reauthentication.
- ES will be assessed - using Assessment with the ES applied NAC profile or with Assessment's own NAC profile.
- based on NAC rules (e.g. LDAP) an ES may have to be reauthenticated a few times so a new NAC profile to be applied to it on the switch
In each case, if certain conditions are met, reauthentication will be delayed (duration is based on timers configured on switch) by 90 seconds, even more.
If "Assessment" is expected to start it will fail, agent-less or agent-based.