Netlogin issue with 802.1X
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-05-2022 10:29 AM
Hello,
I've currently a issue with 802.1X authentications on Exos.
Session Timeout: 5400sec
Reauth timer: 3600sec
Reauth takes action after 1h. So far so good. But the reauthentication event did not reset the session counter of a 1X session. That causes that the session is terminated after another 30min.
I am wrong in my thinking or is this a bug in Exos?
I've currently a issue with 802.1X authentications on Exos.
Session Timeout: 5400sec
Reauth timer: 3600sec
Reauth takes action after 1h. So far so good. But the reauthentication event did not reset the session counter of a 1X session. That causes that the session is terminated after another 30min.
I am wrong in my thinking or is this a bug in Exos?
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-06-2022 08:35 AM
I would think the session-timeout parameter, if set, is a global maximum timer set for the session. Period. The session is only allowed to last 5400s (in your case) and upon reaching this timeout, terminated. I think it's use is more attune to daily limits. i.e. you would set a session-timeout of 8 hours to cover a general business day allowing users to authenticate to the port but not remain connected past the end of the day. Or in a coffee shop you would set it to one hour to allow a transient guest to use the services but be terminated shortly after they leave.
Otherwise re-authentication simply forces the client to re-authenticate, calculate new keys, etc.
Otherwise re-authentication simply forces the client to re-authenticate, calculate new keys, etc.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-06-2022 02:50 AM
Could be a bug but I rather think this is a config issue. Could be fdb timeout or something else that clears the session.
The log should tell you what did terminate the session, idle timeout or something else.
The log should tell you what did terminate the session, idle timeout or something else.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-06-2022 04:25 AM
Thanks Oscar,
thanks for your answer.
The session is definitely terminated by reaching the session timeout. When I set the session timeout to 0 it's working.
But, from my understanding, a reauthentication should reset the session timer. And this isn't.
Reauthentication takes action. I can see this on switch-CLI by checking reauth-timer and in Extreme Control Endsystem history.
thanks for your answer.
The session is definitely terminated by reaching the session timeout. When I set the session timeout to 0 it's working.
But, from my understanding, a reauthentication should reset the session timer. And this isn't.
Reauthentication takes action. I can see this on switch-CLI by checking reauth-timer and in Extreme Control Endsystem history.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎01-06-2022 05:56 AM
It could be the mac session disconnects the client ?
But I would log a case and get this investigated.
But I would log a case and get this investigated.