02-15-2019 03:07 AM
Hello,
Why do devices that are unknown or that have no authorization policy constantly try to reauth every minute? Surely once they have failed & been denied access a few times, you don't want them constantly sending RADIUS requests. Is there a way to change the reauth timer so it only reauths when the port transitions to "up connected"?
Jason
02-15-2019 05:35 AM
Unless you are doing a complete whitelisted setup, you really shouldn't be denying access to the network. Every device should have an authorization policy applied. The default policy should be a Limited Access policy with a DACL applied to allow access to the PSNs and DNS. DNS is there to allow redirection to a portal if you want.
02-18-2019 01:37 AM
We are whitelisting. Nothing should be allowed to connect to the wired network in our environment unless it is a "known/trusted" device. The devices we are seeing which are not authorised are filling our live RADIUS logs & it is these I want to limit.
02-18-2019 05:36 AM
03-01-2019 02:24 AM
That's really helpful. That might be what you would do, but in our environment we only allow authorised devices on the wired network.
02-15-2019 05:45 AM
02-18-2019 01:42 AM
Can you do this with MAB authentication?
02-16-2019 01:16 PM
I agree with Paul.
dot1x timeout quiet-period seems to be what you asked for.
02-18-2019 01:41 AM
I probably should have mentioned we are doing MAB authentication, not dot1x.