Hello everyone
I want to implement the scenario below, since I'm trying to enable re-auth:
- Login window displays in client system
- User types wrong information
- Authentication fails
- Login window displays again
The switch sends a re-authentication packet, but the login window doesn't display on the client system.
My control policy and interface configuration are as follows:
interface GigabitEthernet0/23
 subscriber aging inactivity-timer 10 probe
 switchport mode access
 switchport nonegotiate
 authentication periodic
 authentication timer reauthenticate 180
 access-session host-mode single-host
 access-session port-control auto
 dot1x pae authenticator
 dot1x timeout quiet-period 1
 dot1x timeout tx-period 3
 service-policy type control subscriber PORT-AUTH-POLICY
end
policy-map type control subscriber PORT-AUTH-POLICY
 event session-started match-all
  10 class always do-until-failure
   10 authenticate using dot1x priority 10
 event authentication-failure match-first
  10 class DOT1X-FAILED do-until-failure
   5 terminate dot1x
  40 class always do-until-failure
   5 terminate dot1x
   40 authentication-restart 180
 event agent-found match-all
  10 class always do-until-failure
   20 authenticate using dot1x priority 10
 event authentication-success match-all
  10 class always do-until-failure
   10 activate service-template DEFAULT_LINKSEC_POLICY_SHOULD_SECURE
class-map type control subscriber match-all DOT1X-FAILED
 match method dot1x
 match result-type method dot1x authoritative
(Actually, my laptop received the EAP-Request/Identity response, but Windows didn't display it.)