Resilient 802.1x cached-reauth

802.1x authenticated clients are placed in cached-reauthentication phase when a RADIUS server is not reachable. The switch sends an EAPOL (Extensible Authentication Protocol Over LAN) start message to reauthenticate the client before RADIUS connection timeout occurs or the server-times out. When configured, the client may be authorized to use a cached reauthentication as a backup method for access to the RADIUS server. Currently Aruba switches support primary and fallback authentication for both MAC authentication & DOT1x authentication. If the RADIUS server is down or unreachable, the fallback method is applied using one of the three methods available:


When configured, authenticated clients are authorized.

Cached reauthentication

When configured, the client is authorized for the configured cached reauthentication period or RADIUS server reachability.


If none is configured, for the client, the client will be de-authenticated. None is the default.