Ryan
Thank you for your time. I check my timers and my idle timer is the default 5 min. So after 5 minutes if the controller cannot ping the user because the client either turn off the device or left the area then the controller will remove the user from the table and if the user comeback or reopen the laptop it need to reauthenticate, Am i correct?
show aaa timers
Global User idle timeout = 300 seconds
Auth Server dead time = 10 minutes
Logon user lifetime = 5 minutes
User Interim stats frequency = 300 seconds
show auth-trace showed the user EAP is successful and the Radius is accepting the req:
Mar 26 10:51:01 eap-req <- b8:e8:56:10:9c:c2 9c:1c:12:82:3a:91 12 107
Mar 26 10:51:01 eap-resp -> b8:e8:56:10:9c:c2 9c:1c:12:82:3a:91 12 43
Mar 26 10:51:01 rad-req -> b8:e8:56:10:9c:c2 9c:1c:12:82:3a:91/fldvp-appnpspxy.ad.nova.edu 42 254
Mar 26 10:51:01 rad-accept <- b8:e8:56:10:9c:c2 9c:1c:12:82:3a:91/fldvp-appnpspxy.ad.nova.edu 42 305
Mar 26 10:51:01 eap-success <- b8:e8:56:10:9c:c2 9c:1c:12:82:3a:91 12 4
Mar 26 10:51:01 wpa2-key1 <- b8:e8:56:10:9c:c2 9c:1c:12:82:3a:91 - 117
Mar 26 10:51:01 wpa2-key2 -> b8:e8:56:10:9c:c2 9c:1c:12:82:3a:91 - 117
Mar 26 10:51:01 wpa2-key3 <- b8:e8:56:10:9c:c2 9c:1c:12:82:3a:91 - 151
Mar 26 10:51:01 wpa2-key4 -> b8:e8:56:10:9c:c2 9c:1c:12:82:3a:91 - 95
Now in the logs i can see the testing with my laptop trying to replicate the issue so i can better undersand where to look. I can see my computer was auth successfuly
Mar 26 10:48:38 :522038: <INFO> |authmgr| username=NSU
ils MAC=b8:e8:56:10:9c:c2 IP=0.0.0.0 Authentication result=Authentication Successful method=802.1x server=fldvp-appnpspxy.ad.nova.edu
Mar 26 10:48:38 :522044: <INFO> |authmgr| MAC=b8:e8:56:10:9c:c2 Station authenticate(start): method=802.1x, role=preauth///preauth, VLAN=1248/1248, Derivation=10/0, Value Pair=1, flags=0x8
Mar 26 10:48:38 :522049: <INFO> |authmgr| MAC=b8:e8:56:10:9c:c2,IP=N/A User role updated, existing Role=preauth/none, new Role=ENET/none, reason=Station Authenticated with auth type: 4
Mar 26 10:48:38 :522050: <INFO> |authmgr| MAC=b8:e8:56:10:9c:c2,IP=N/A User data downloaded to datapath, new Role=ENET/139, bw Contract=0/0, reason=Download driven by user role settin
Now from the Client connection the timer does not change so the client computer believe it is still connected but the controller I think is removing the client from the table.
Thank you