Wireless Access

Reply
Occasional Contributor II
Posts: 24
Registered: ‎01-09-2015

L2 Authentication / MAC Auth / Reauthentication interval setting - Clarification

Dear Community,

I would like to ask some clarificiations/confirmations about the Reauthentication Interval setting inside the MAC authentication profile.

-Does it well correct that we need to activate Reauthentication on the screenshot below to have Max Authentication failures and Reauthentication Interval starting to take effect?


-Reauthentication Interval, does it well mean that after first attempt, the client needs to wait 86400 to try to authenticate again?


-If Max Authentication failures is set to 0, does it mean that the client is blacklisted if first attempt is rejected? Does this Max Authentication failures number that will trigger the Reauthentication Interval to count down for a specific client?

 

reauthentication_interval_config.jpg


Thanks in advance for your help,

Best regards,

 

Guru Elite
Posts: 20,968
Registered: ‎03-29-2007

Re: L2 Authentication / MAC Auth / Reauthentication interval setting - Clarification

Reauthentication needs to be enabled to set the reauthentication interval, yes.  You would then set the reauthentication interval, as well.  The reauthentication parameter is not related to max authentication failures.

 

The reauthentication interval means that after 86400 seconds in this example the client will be forced to reauthenticate.  This is useful if you make changes to the database that allows clients access and you want it checked every 86400 seconds to ensure the clients still has access.

 

Max Authentication failures at zero means that the client is blacklisted as soon as it fails authentication IF blacklisting is enabled at the Virtual AP level.

 

Blacklisting has is not related to the reauthentication interval.

 

I hope this helps.

 

 

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: