Configuring a client for retain-unauth-clients

Follow these steps to configure a client for enforce-cache reauthentication.

Procedure
  1. (config)# aaa authentication port-access eap-radius cached-reauth
    Enable cached-reauth as the secondary authentication method.
  2. (config)# aaa port-access authenticator <PORT-LIST>

    Associate the specific port with the port-access authenticator for 802.1x authentication.

  3. Configure the server timeout to be less than (number of retransmit attempts + 1) * timeout. With the default values, this is (3 + 1) * 5 = 20 seconds.
    (config)# show radius
    
     Dead RADIUS server are preceded by *
    
      Deadtime (minutes)             : 0
      Timeout (seconds)              : 5
      Retransmit Attempts            : 3
      Global Encryption Key          :
      Dynamic Authorization UDP Port : 3799
      Source IP Selection            : Outgoing Interface
      Tracking                       : Disabled
      Tracking Period (seconds)      : 300
      CPPM Identity                  :
    
                      Auth  Acct  DM/ Time   |
      Server IP Addr  Port  Port  CoA Window | Encryption Key  OOBM
      --------------- ----- ----- --- ------ + --------------- ----
     <Server IP>       1812  1813  No   300  | <encryption-key>   No
    
    
    (config)# aaa port-access authenticator <PORT-LIST> server-timeout
    
  4. (config)# aaa port-access authenticator <PORT-LIST> enforce-cache-reauth

    Enable enforce-cache-reauth on the 802.1x authentication associated port.

  5. (config)# aaa port-access authenticator <PORT-LIST> cached-reauth-period

    Set the cached-reauth-period for the 802.1x associated port.

    1. Time in seconds, <1-2147483647>, during which cached reauthentication is allowed on the port. The minimum reauthentication period should be greater than 30 seconds.
  6. (config)# aaa port-access authenticator <PORT-LIST> reauth-period

    Set the reauth-period for the 802.1x associated port.

    1. Enter a number, <0-999999999>.
  7. (config)# aaa port-access authenticator <PORT-LIST> [auth-vid <VLAN-ID> | cached-reauth-period | clear-statistics | client-limit <1-32> | control | enforce-cache-reauth | initialize | logoff-period | max-requests <1-10> | quiet-period <1-65535> | reauth-period <0-999999999> | reauthenticate | server-timeout <1-300> | supplicant-timeout | tx-period | unauth-period <0-255> | unauth-vid <VLAN-ID>]

    Specifies parameters and limits on the configured client authentication.

  8. (config)# aaa port-access authenticator active

    Initializes the authenticator.
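
The limits from steps 3, 5 and 6 can be checked before the values are applied. The following Python script is an added example, not part of the original procedure or the vendor's tooling: it parses the global Timeout and Retransmit Attempts lines from `show radius` output and validates candidate per-port values. The function names and sample values are constructed, and the 30-second minimum is assumed to apply to cached-reauth-period.

```python
import re

# Constructed sample: the global lines of `show radius`, with the default values.
SAMPLE_SHOW_RADIUS = """\
  Deadtime (minutes)             : 0
  Timeout (seconds)              : 5
  Retransmit Attempts            : 3
"""


def radius_window(show_radius):
    """Return (retransmit attempts + 1) * timeout in seconds, parsed from the output."""
    def field(label):
        m = re.search(rf"^\s*{re.escape(label)}\s*:\s*(\d+)\s*$", show_radius, re.M)
        if m is None:
            raise ValueError(f"field not found: {label}")
        return int(m.group(1))
    return (field("Retransmit Attempts") + 1) * field("Timeout (seconds)")


def check_port_settings(show_radius, server_timeout, cached_reauth_period, reauth_period):
    """Return a list of problems; an empty list means every limit is met."""
    window = radius_window(show_radius)
    problems = []
    if not 1 <= server_timeout <= 300:
        problems.append("server-timeout is outside <1-300>")
    elif server_timeout >= window:
        problems.append(f"server-timeout {server_timeout} is not below {window} seconds")
    if not 1 <= cached_reauth_period <= 2147483647:
        problems.append("cached-reauth-period is outside <1-2147483647>")
    elif cached_reauth_period <= 30:
        problems.append("cached-reauth-period should be greater than 30 seconds")
    if not 0 <= reauth_period <= 999999999:
        problems.append("reauth-period is outside <0-999999999>")
    return problems


if __name__ == "__main__":
    # Constructed candidate values for one port list.
    for problem in check_port_settings(SAMPLE_SHOW_RADIUS, 15, 3600, 300):
        print(problem)
```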