Server Fail Fallback and Authentication
SUMMARY
Configuring RADIUS Reachability to Reauthenticate Server Fail Sessions
When an authentication attempt triggers server fail fallback, the end device can
reattempt authentication after a period of time. The default time interval that
the end device must wait for reauthentication is 60 minutes. The
reauthentication time interval can be configured using the
reauthentication CLI statement.
The server might become available before the reauthentication timer expires. When the RADIUS reachability feature is enabled, it triggers reauthentication once it detects that the server is reachable, without waiting for the reauthentication timer to expire. Once a session moves to server fail fallback, the authenticator will periodically query the server by initiating authentication for that session. When the authenticator receives a response, indicating that the server is reachable, it will initiate authentication for all server fail sessions.
To enable RADIUS reachability, you must configure the query period, which determines how often the authenticator queries the server for reachability. Configure the query period using the following command:
set protocols dot1x authenticator radius-reachability query-period
The query period can not be longer than the quiet period. The quiet period is the period during which the interface remains in the wait state following a failed authentication attempt before reattempting authentication.