cancel
Showing results for 
Search instead for 
Did you mean: 

Force a client re-authentication directly via CLI (EXOS / EOS)

Force a client re-authentication directly via CLI (EXOS / EOS)

M_Nees
Contributor III
Hi,

during a HP (2920) Switching / NAC project i learned that MAC or 802.1x re-authentication can be done directly via switch CLI:

code:
aaa port-access mac-based <
port-list
> reauthenticate

code:
aaa port-access authenticator 
<
port-list
> reauthenticate

This is a nice feature especially you do not have Netsight NAC with NAC Managers "Force Re-auth" button.

In the past everybody uses a hard port link down/up - but the above command is smarter especially you have multi-user on that regarding port.

Is there a similar command for re-authentication available on EXOS / EOS ??

Regards
10 REPLIES 10

Zdeněk_Pala
Extreme Employee
The RFC3576 works on EOS. It is enabled by default and I have no idea if you can disable it. So no need for documentation. I am sure you will find the RFC in the datasheet. And you are right we do support the CoA in 22.x
Regards Zdeněk Pala

"Is Change of Authorization (CoA) supported on EOS switches?

  • Article Type:
  • Q & A
  • Article Number:
  • 000038365
  • Last Modified:
  • 3/13/2019"

"Environment

  • EOS
  • 7100-Series
  • K-Series
  • S-Series
  • Securestack
  • CoA
  • RFC5176

Answer

RFC5176 Dynamic Authorization Extension to RADIUS is supported on S/K/7100 platforms but not on Securestack switches. "

Source: https://extremeportal.force.com/ExtrArticleDetail?n=000038365

Hi Andre,

as i tcpdump with current EXOS - Force reauth (from NAC Gateway) is done via dot1x snmp MIB (for both mac and 802.1x).

By the way other switches like H3C provide CoA (Change of Authorization) which is known from Wireless for re-auth. This is also a smart method.

Regards

M_Nees
Contributor III
Hi Zdenek,

regarding CoA:

EXOS support that started on EXOS V22.1
configure radius dynamic-authorization ...
EOS support this feature only on S/K maybe N-Series - but not on (edge) SecureStacks.
set radius authorization dynamic ...

Searching last V8.61 s-series manuals i found no entry for that feature :-((
is my search wrong or is there no manual entry for that feature ?

Regards
GTM-P2G8KFN