HP 6120XG HP ProCurve Series 6120 Blade Switches Access Security Guide - Page 202
Cached Reauthentication
View all HP 6120XG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 202 highlights
RADIUS Authentication, Authorization, and Accounting Cached Reauthentication Cached Reauthentication Cached reauthentication allows 802.1X, web, or MAC reauthentications to succeed when the RADIUS server is unavailable. Users already authenticated retain their currently-assigned RADIUS attributes. Uninterrupted service is provided for authenticated users with RADIUS-assigned VLANS if the RADIUS server becomes temporarily unavailable during periodic reauthentications. Cached reauthentication is similar to the authorized authentication method in that user credentials are not checked. Any user credentials are valid even if they are different from those used during the last successful authentication of the same session. However, cached reauthentication maintains the current session attributes, unlike the authorized authentication method. New authen tications are not allowed. The RADIUS server can be the only allowed source of session attributes for authenticated users. Reauthentications are not disabled when the RADIUS server is unavailable. The switch initiates reauthentications of clients at the specified period and the clients must comply with the requirements for the reauthentication pro cedure exactly as is done for the authorized authentication method. The table below summarizes the differences between the authorized method and the cached reauthentication method. Authorized Cached Reauthentication New authentications are allowed when RADIUS server is New authentications are not allowed when RADIUS server unreachable. is unreachable. All previously RADIUS-assigned attributes are voided All previously assigned attributes remain in effect on reau and replaced by switch-configured values on reauthen- thentication when RADIUS server is unreachable. tication when RADIUS server is unreachable. Cached reauthentication is supported for 802.1X, Web authentication, and MAC authentication. For more information about Web/MAC authentication, see "Web and MAC Authentication" in the Access Security Guide for your switch. For more information on 802.1X, see "Configuring Port-Based and User-Based Access Control (802.1X) in the Access Security Guide for your switch. 5-26