Hi,

Although I do not have re-authentication enabled and no RADIUS time-out attributes are sent to the switchport, the switch suddenly, for no reason, triggers a reauthentication after a few minutes.

Sometimes after only one minute, other times it lasts for about 4 to 10 minutes ...

For testing, I only work with the internal Cisco PA-token.

When I debug dot1x-events on the switch, at the moment of the re-authentication, I receive this:

2w2d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required

on GigabitEthernet1/0/20.

2w2d: dot1x-ev:Enqueued the eapol packet to the global authenticator queue

2w2d: dot1x-ev:Received pkt saddr =0006.5b26.6024 , daddr = 0180.c200.0003,

pae-ether-type = 888e.0101.0000

2w2d: dot1x-ev:Sending create new context event to EAP for 0006.5b26.6024

2w2d: dot1x-ev:GigabitEthernet1/0/20:Sending EAPOL packet to group PAE address

2w2d: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required

on GigabitEthernet1/0/20.

2w2d: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on GigabitEthernet

1/0/20

...

Also, after (re)authentication, I'm almost always receiving the Healthy-state several times (2 or 3 times) within a few seconds in stead of 1 time. (i can see this in the passed authentication log).

Anyone has an idea what could be the reason?