Causes of client deauthentication immediately after authenticating

  • ACE formatted incorrectly in the RADIUS server
    • from

      , any, or to keyword missing.

    • An IPv4 or IPv6 protocol number in the ACE exceeds 255.

    • An optional UDP or TCP port number is invalid, or a UDP/TCP port number is specified when the protocol is neither UDP or TCP.

    • An ACE in the ACL for a given authenticated client exceeds 80 characters.

  • A RADIUS-assigned ACL limit has been exceeded.
    • The TCP/UDP port-range quantity of 14 per slot or port group has been exceeded.

    • The rule limit per slot or port group has been exceeded.

  • An IPv6 ACE has been received on a port and either the HP-Nas-Rules-IPv6 attribute is missing or HP-Nas-Rules-IPv6=2 is configured. See Nas-filter-rule options for more on this attribute.