topic Re: New authentication during an active session in Network Access Control

New authentication during an active session

sascha-werner — Tue, 05 May 2026 19:29:35 GMT

Good evening,

I have several clients at remote locations that initiate a new authentication every 30–45 seconds after a successful authentication.
Could this be due to latency?

The TotalAuthLatency is ~500–550 and the ClientLatency is ~400–500.
Sometimes the problem just stops “out of the blue,” and the system waits until the timer expires (8,600 seconds).
Other clients don’t have this problem at all, even with the same latency times.

All clients are configured identically.

EAP-TLS is used as the authentication protocol.
The switches are the same as those at headquarters (C2960xr) with the same AAA configuration.

Thanks for your input.

-Sascha

Re: New authentication during an active session

Aref Alsouqi — Wed, 06 May 2026 08:36:42 GMT

Have you noticed if those sessions loses the connection before they try to reauthenticate? I think what might be happening here is that the connection gets dropped and as a result a new session needs to be established. Best thing I would recommend here would be looking at the logs and keep an active monitor to the remote site to see if when that issue happens the connection is dropped. If that is the case then probably I would check with the ISP and see why that happens and if there is a way to get a more reliable line. Also, I think the maximum latency recommended between ISE and the NADs is 200 ms and you seem to have way higher latency than that.