Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Cached reauthentication

  • 1.  Cached reauthentication

    Posted Jun 08, 2021 12:02 PM
    Hello,

    I'm reading about this feature and I would like to know if any of you have some experience with it. I want to clarify the differences between "authorized" and "Re-Auth". I understand the following:

    - Authorized: Clients will be allowed as authenticated during reauthentication. But for how much time?
    - Re-Auth: Clients will be authenticated for the configured cached reauth period or RADIUS server reachability. What would happen if, once the cached reauth period expires, the RADIUS server remains unreachable?

    I've checked that this feature is compatible with MAC authentication and 802.1x, but can I configure cached authentication and other features (such as open-auth, unauth-vid or critical authentication) at the same time?


    Thanks in advance.

    Best regards.

    ------------------------------
    tech_sec
    ------------------------------


  • 2.  RE: Cached reauthentication

    EMPLOYEE
    Posted Jul 15, 2021 05:45 AM
    My understanding:

    Without cached-reauth, the reauth-period will determine how often a client must reauthenticate (802.1X) or MAC Auth happens by the switch. If re-authentication fails, like when the server is unreachable, the corresponding role is applied (critical, or initial if no critical role is configured).

    With cached reauthentication, the client will keep the previously assigned role for the duration of the cached-reauth-period, only if the RADIUS server is unreachable, instead of assigning the critical role. Authentication is retried periodically. After that, if the server is still unreachable, normal logic will kick in again: the client will get the critical role if configured, or the initial role otherwise.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------
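
The role logic described in reply 2, as a small simulation (an added example, not code from the thread or from Aruba, and not the switch's actual implementation). It assumes the client authenticates successfully whenever the server answers and that the cached-reauth-period is counted from the first failed attempt of an outage; the role names, periods and timeline are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class PortPolicy:
    # Hypothetical names and values, chosen only for this illustration.
    initial_role: str = "initial"
    critical_role: Optional[str] = None  # None = no critical role configured
    cached_reauth_period: int = 0        # seconds; 0 = cached reauth disabled

def fallback_role(policy):
    # "Normal logic": critical role if configured, otherwise the initial role.
    return policy.critical_role or policy.initial_role

def role_timeline(policy, attempts, authenticated_role="employee"):
    """attempts: list of (time_s, server_reachable) reauthentication tries.
    Returns [(time_s, role)] showing the role held after each attempt."""
    role = policy.initial_role
    cached = None          # last role assigned by the RADIUS server
    outage_start = None    # time of the first failed attempt in this outage
    timeline = []
    for t, reachable in attempts:
        if reachable:
            role = cached = authenticated_role
            outage_start = None
        else:
            if outage_start is None:
                outage_start = t
            within_cache = (policy.cached_reauth_period > 0
                            and cached is not None
                            and t - outage_start < policy.cached_reauth_period)
            # Keep the previous role only while the cache period is running.
            role = cached if within_cache else fallback_role(policy)
        timeline.append((t, role))
    return timeline

# Constructed sample: reauth every 300 s, server unreachable from t=300 to t=1200.
ATTEMPTS = [(0, True), (300, False), (600, False),
            (900, False), (1200, False), (1500, True)]

if __name__ == "__main__":
    cases = {
        "no cached reauth": PortPolicy(critical_role="critical"),
        "cached 900 s": PortPolicy(critical_role="critical", cached_reauth_period=900),
        "cached 900 s, no critical role": PortPolicy(cached_reauth_period=900),
    }
    for name, policy in cases.items():
        print(name, role_timeline(policy, ATTEMPTS))
```

The timeline makes the exposure window visible: with a 900 s cache the client keeps its full role for three failed attempts before dropping to the critical or initial role.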