Timing considerations

When the RADIUS server is unavailable, the effective reauth period is the configured reauth period plus an additional X seconds, where X is how long 802.1X or web-based/MAC authentication waits for a RADIUS response. X varies from 1 to approximately 30 seconds in most cases, depending on the number of RADIUS servers and other RADIUS parameters. X can be more or less than 30 seconds if the "server-timeout" values for 802.1X or web-based/MAC authentication have been changed from their defaults.

Procedure
  1. A cached-reauth-period is set to 900 seconds (15 minutes) and the reauth period is 180 seconds.
  2. A client is successfully authenticated or reauthenticated.
  3. The RADIUS server becomes unavailable. In 180 seconds from the authentication in step 2, 802.1X or web-based/MAC authentication initiates reauthentication.
  4. In X seconds after the initiation of authentication in step 3 (1 to 30 seconds if default values for 802.1X or web-based/MAC authentication are used), 802.1X or web-based/MAC authentication receives notification that the RADIUS server is unavailable.
  5. 802.1X or web-based/MAC authentication allows the first cached reauthentication and starts the cached reauth period.
  6. A number of cached reauthentications occur within the 900 seconds after the start of the cached reauth period in step 5. These have a period of 180 + X seconds.
  7. The cached reauthentication period (900 seconds) ends.
  8. The next reauthentication begins 180 seconds after the last cached reauthentication.
  9. In X seconds after the reauthentication in step 8, 802.1X or web-based/MAC authentication receives notification that the RADIUS server is still unavailable.
  10. 802.1X or web-based/MAC authentication terminates the client's session.
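
The procedure above, worked through as an added example (not vendor code) that computes how long a client stays connected without a RADIUS-verified authentication. The function and field names are hypothetical. It assumes the RADIUS server goes down right after step 2 and stays down, that X is constant, and that a cached reauthentication is granted only if the timeout notification arrives before the cached reauth period ends.

```python
from dataclasses import dataclass

@dataclass
class Timeline:
    events: list         # (seconds since the last RADIUS-verified auth, description)
    cached_reauths: int  # reauthentications granted from cache
    terminated_at: int   # seconds since the last RADIUS-verified auth

def cached_reauth_timeline(reauth_period, cached_reauth_period, x):
    """Walk steps 2-10 with RADIUS unavailable after the authentication at t=0."""
    events = [(0, "client authenticated by RADIUS (step 2)")]
    # Steps 3-5: the first reauth attempt waits x seconds for RADIUS,
    # then the cached reauth period starts.
    window_start = reauth_period + x
    window_end = window_start + cached_reauth_period
    events.append((window_start, "first cached reauth, cached period starts (step 5)"))
    cached, last = 1, window_start
    while True:
        # Each cycle: reauth_period until the next attempt, plus x for the timeout.
        decision = last + reauth_period + x
        # Assumption: a notification landing exactly on window_end counts as expired.
        if decision >= window_end:
            break
        events.append((decision, "cached reauth (step 6)"))
        cached, last = cached + 1, decision
    events.append((window_end, "cached reauth period ends (step 7)"))
    events.append((last + reauth_period, "reauth begins (step 8)"))
    events.append((decision, "RADIUS still unavailable, session terminated (steps 9-10)"))
    return Timeline(sorted(events), cached, decision)

if __name__ == "__main__":
    # Values from the procedure: reauth period 180 s, cached-reauth-period 900 s.
    for x in (1, 10, 30):
        tl = cached_reauth_timeline(180, 900, x)
        print(f"X={x}: {tl.cached_reauths} cached reauths, "
              f"session terminated {tl.terminated_at}s after last RADIUS auth")
    for t, what in cached_reauth_timeline(180, 900, 10).events:
        print(f"{t:>5}s  {what}")
```

The termination time is the figure to compare against policy: it is how long a client whose credentials were revoked on the RADIUS server during the outage can remain on the port.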