- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
03-08-2021 04:33 PM
Hi guys,
can anyone help me with manual re-auth for Clients connected on ERS35 or 36?
I’m currently migrating NAC off Ignition towards Control, and I don’t really enjoy waiting until the re-auth timer passes and the switch sends an re-auth request to the new Radius Server (Control)…
“eap init re-authenticate” doesn’t work…
Has anyone an idea?
Thanks and BR
Tobias
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
03-09-2021 01:43 PM
Tobbias,
Reading again your post, the solution is to configure the ERS with the template mentionned in the post above concerning the re-auth server.
Configure the re-auth behaviour in Control and send a re-authentication command per client.
Mig
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
04-01-2021 06:16 AM
Thanks for you answer, Mig !
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
03-09-2021 01:43 PM
Tobbias,
Reading again your post, the solution is to configure the ERS with the template mentionned in the post above concerning the re-auth server.
Configure the re-auth behaviour in Control and send a re-authentication command per client.
Mig
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
03-09-2021 01:40 PM
Tobbias,
Did you configured the CoA in IDE?
I never tested it but you could maybe configure IDE as radius auth server and Control as CoA server as the settings for radius server and coa server are separate.
Mig
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
03-09-2021 12:51 PM
Hi Mig, thanks for the reply.
Yes, I use the displayed re-auth settings.
But I mean something else.
The customer has active NAC sessions on his ERS, the active Radius Server is Ignition. The Ports are configured to re-authenticate every 3500 seconds.
I am not allowed to disable and re-enable all the ports, so I’m only allowed to change the Radius settings and wait unitl the re-authentication timer triggers the switch to send new request to the Radius.
Therefore I am looking for a command that forces the ERS to re-authenticate the clients after I changed the Radius Server. I don’t want to wait those 3500 seconds…
I hope you can follow what I’m saying… 😉
Stay safe!
Tobias