Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Server Fail Fallback and Authentication


Configuring RADIUS Reachability to Reauthenticate Server Fail Sessions

When an authentication attempt triggers server fail fallback, the end device can reattempt authentication after a period of time. The default time interval that the end device must wait for reauthentication is 60 minutes. The reauthentication time interval can be configured using the reauthentication CLI statement.

The server might become available before the reauthentication timer expires. When the RADIUS reachability feature is enabled, it triggers reauthentication once it detects that the server is reachable, without waiting for the reauthentication timer to expire. Once a session moves to server fail fallback, the authenticator will periodically query the server by initiating authentication for that session. When the authenticator receives a response, indicating that the server is reachable, it will initiate authentication for all server fail sessions.

To enable RADIUS reachability, you must configure the query period, which determines how often the authenticator queries the server for reachability. Configure the query period using the following command:


The query period can not be longer than the quiet period. The quiet period is the period during which the interface remains in the wait state following a failed authentication attempt before reattempting authentication.