Hello
You can use the critical-role to allow limited or full access to users when the RADIUS server is not reachable and the authentication cannot be completed.
Here is the description from the Security Guide, page 320:
https://www.arubanetworks.com/techdocs/AOS-CX/10.08/PDF/security_6200-6300-6400.pdf

Critical role
The critical role is applied to devices when the RADIUS server is unreachable during the first authentication process or during reauthentication. This role helps ensure that the devices have limited access to the network even though the authentication is not completed. Once the RADIUS server is available for authentication, the devices are authenticated and the ultimate role is applied.

Another approach would be to enable cached reauthentication for 802.1X or mac-auth (this is actually already available in ProCurve or AOS-S).

Description
Enables cached reauthentication on a port. Cached reauthentication allows 802.1X reauthentications to succeed when the RADIUS server is unavailable. Users already authenticated retain their currently assigned RADIUS attributes.
------------------------------
Emil Gogushev
------------------------------
Original Message:
Sent: Nov 03, 2021 12:35 PM
From: Benjamin Milton
Subject: AOS-CX Port Authentication Fail open
Hi,
Does anyone know the command or feature within AOS-CX that matches this ProCurve command:
aaa authentication port-access eap-radius authorized
I want to fail the ports open if the RADIUS server is seen as unavailable. I have checked the manuals and I can't see any features that protect you from a RADIUS server going offline.
Thanks in advance
------------------------------
Benjamin Milton
------------------------------
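
The two approaches from the reply above, sketched as an AOS-CX configuration. This is an added example, not taken from the posts or the Security Guide; the role name critical-limited, VLAN 100, port 1/1/1 and the 86400-second period are constructed values, and the command syntax is an assumption to check against the Security Guide for your release.

```text
! Constructed values: role name, VLAN ID, port and period are placeholders.
! Approach 1: critical role, applied when the RADIUS server is unreachable
! during first authentication or reauthentication.
vlan 100
port-access role critical-limited
    vlan access 100
interface 1/1/1
    aaa authentication port-access critical-role critical-limited
    aaa authentication port-access dot1x authenticator
        enable
! Approach 2: cached reauthentication, so clients that are already
! authenticated keep their assigned RADIUS attributes during an outage.
interface 1/1/1
    aaa authentication port-access dot1x authenticator
        cached-reauth
        cached-reauth-period 86400
```

What the critical role permits (here a single access VLAN) decides whether devices get limited or full access while the RADIUS server is down.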