Resilient 802.1x cached-reauth
802.1x authenticated clients are placed in cached-reauthentication phase when a RADIUS server is not reachable. The switch sends an EAPOL (Extensible Authentication Protocol Over LAN) start message to reauthenticate the client before RADIUS connection timeout occurs or the server-times out. When configured, the client may be authorized to use a cached reauthentication as a backup method for access to the RADIUS server. Currently Aruba switches support primary and fallback authentication for both MAC authentication & DOT1x authentication. If the RADIUS server is down or unreachable, the fallback method is applied using one of the three methods available:
- Authorized
When configured, authenticated clients are authorized.
- Cached reauthentication
When configured, the client is authorized for the configured cached reauthentication period or RADIUS server reachability.
- None
If none is configured, for the client, the client will be de-authenticated. None is the default.