Periodic reauthentication of authenticated clients

Note: Reauthentication is enabled by default for restricted and critical VLANs. Reauthentication is not supported for guest VLANs.

ICX devices can be configured to periodically reauthenticate the authenticated clients that are connected to interfaces enabled for 802.1X and MAC authentication. When periodic reauthentication is enabled using the re-authentication command, the ICX device reauthenticates clients every 3,600 seconds (1 hour) by default. The reauthentication interval is configurable using the reauth-period command. The RADIUS server can overwrite this interval for each client using the Session-Timeout and Termination-Action attributes.

Note: With the dead RADIUS server enhancement, RADIUS servers are monitored and marked dead when they don’t respond. When no RADIUS servers are available, a client reauthentication attempt would simply result in a timeout. Therefore, when no servers are available, reauthentication is not performed. Instead, the timeout action is performed, and the client continues with the same credentials when the auth-timeout-action command configuration is set to success or critical-vlan. This avoids potential issues with some 802.1X clients that are known to go into an inconsistent state after client reauthentication times out and when the auth-timeout-action command configuration is set to success.