Hello Everyone,
The objective of this post is to educate community members about the enhancement "Limited Authentication Survivability – Persistence Support", introduced as part of the AOS-CX 10.11.1000 release.
- Cached Critical Role, also known as Limited Authentication Survivability, allows the authorization of authenticated clients with their previously applied roles when the RADIUS server is unreachable.
- When cached-critical user role support is enabled, the MAC addresses of clients and their applied roles are cached in the system during client log-off or re-authentication. When the RADIUS server is unreachable, the cached-critical role is applied as a special role to the client. Once the RADIUS server is reachable, cache details are cleared from the switch.
- The cached-critical role can be enabled at the global or per-interface level.
(config)# aaa authentication port-access cached-critical-role
(config-aaa-ccr)#
  cache-replace-mode  Set the cache replace mode
  cache-timeout       Time in hours, during which clients are cached.
  disable             Disables Cached Critical Role. (Default)
  enable              Enables Cached Critical Role.
  end                 End current mode and change to enable mode.
  exit                Exit current mode and change to previous mode
  list                Print command list
  no                  Negate a command or set its defaults
  show                Show running system information
(config-aaa-ccr)#exit
Prior to 10.11.1000:
- Support for limited authentication survivability using the switch non-persistent storage
- Cached client details will not be retained after a reboot
- Supported platforms: CX 4100i, 6200, 6300, 6400, 8360
10.11.1000 Release Onwards:
- Support for limited authentication survivability using the switch persistent storage
- The cached client details are persistent across reboots, and VSF switchover is supported.
- Supported platforms: CX 4100i, 6000, 6100, 6200, 6300, 6400, 8360, 8100 (10.12 onwards)
(config)# aaa authentication port-access cached-critical-role
(config-aaa-ccr)#
  cache-replace-mode  Set the cache replace mode
  cache-timeout       Time in hours, during which clients are cached.
  disable             Disables Cached Critical Role. (Default)
  enable              Enables Cached Critical Role.
  end                 End current mode and change to enable mode.
  exit                Exit current mode and change to previous mode
  list                Print command list
  no                  Negate a command or set its defaults
  persistent-storage  Configure persistent storage for cached clients.
  show                Show running system information
(config-aaa-ccr)#exit
Persistent Storage Configuration:
(config)# aaa authentication port-access cached-critical-role
(config-aaa-ccr)# persistent-storage enable
Warning: Enabling persistent-storage will reduce the lifetime of the flash.
Do you want to continue (y/n)? y
(config-aaa-ccr)#
(config)# aaa authentication port-access cached-critical-role
(config-aaa-ccr)# persistent-storage write-interval
  <900-86400>  Interval between consecutive writes to persistent storage in seconds. (Default: 3600 seconds)
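The model below is an added example, not code from the original post or from AOS-CX. It shows how the write interval and cache timeout described above decide whether a cached role is still available after a reboot while the RADIUS server is unreachable. Assumptions: the cache is flushed once per write interval, an entry's age is preserved across the reboot, and the class and function names, the MAC address and the role name are constructed for illustration.

```python
class CachedCriticalRoleModel:
    """Simplified model of the behaviour described above; not AOS-CX code."""

    def __init__(self, timeout_h=24, write_interval_s=3600, persistent=True):
        self.timeout_s = timeout_h * 3600         # cache-timeout is in hours
        self.write_interval_s = write_interval_s  # 900-86400, default 3600
        self.persistent = persistent              # persistent-storage enable
        self.ram = {}      # MAC -> (role, time cached in seconds)
        self.flash = {}    # last snapshot written to persistent storage
        self.last_write_s = 0

    def tick(self, now_s):
        # Assumption: the cache is flushed once per write-interval.
        if self.persistent and now_s - self.last_write_s >= self.write_interval_s:
            self.flash = dict(self.ram)
            self.last_write_s = now_s

    def cache_client(self, mac, role, now_s):
        # Called at client log-off or re-authentication.
        self.ram[mac.lower()] = (role, now_s)

    def reboot(self):
        # Only the last flushed snapshot survives; without persistence, nothing.
        self.ram = dict(self.flash) if self.persistent else {}

    def authorize(self, mac, radius_reachable, now_s, radius_role=None):
        if radius_reachable:
            return radius_role                    # normal RADIUS result
        entry = self.ram.get(mac.lower())
        if entry and now_s - entry[1] <= self.timeout_s:
            return entry[0]                       # cached role as fallback
        return None                               # no usable cache entry


def role_after_reboot(cached_at_s, reboot_at_s, **settings):
    """Cache one constructed client, reboot, then authorize with RADIUS down."""
    sw = CachedCriticalRoleModel(**settings)
    sw.cache_client("AA:BB:CC:00:00:01", "employee", cached_at_s)  # constructed
    for t in range(cached_at_s, reboot_at_s, 60):
        sw.tick(t)
    sw.reboot()
    return sw.authorize("aa:bb:cc:00:00:01", False, reboot_at_s)


if __name__ == "__main__":
    print(role_after_reboot(100, 1800))                        # before first flush
    print(role_after_reboot(100, 1800, write_interval_s=900))  # flushed in time
    print(role_after_reboot(100, 4000, persistent=False))      # pre-10.11.1000
    print(role_after_reboot(100, 4000, timeout_h=1))           # entry expired
```

In this model a shorter write interval narrows the window in which newly cached clients are lost on reboot, at the cost of more flash writes, which is the trade-off the CLI warning refers to.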
With thanks & regards,
Shobana
MVP Expert