Ciao,
regarding the Onguard CACHE value (Default value is 5min), that is what happens:
1) 802.1x client is authenticated with posture UNKNOWN (initial role)
2) Onguard agent triggers a new connection and send posture (HEALTHY)
3) After 5 minute the cache expired
4) A 802.1x reauthentication occurs without interface change (no Onguard agent triggers) and the posture now is UNKNOWN. The client is put in a initial role losing full connectivity.
Is it right ?
I temporarily resolved it changing the onguard Cache timeout to 1 week. But is it right ?
Regards,
Iarno