08-18-2011 04:38 AM - edited 03-10-2019 06:19 PM
Hi there
I have a dot1x client with client certificate working well with my ACS 5.2 and EAP-TLS. Now I would like to configure the Re-Auth period on the ACS 5.2. I did the following:
1. Configured an Access Profile with Reauthentication Timer = static and 30 seconds (see attachment ACS1.png and ACS2.png)
2. Enabled authentication periodic and authentication timer reauthenticate server on switchport
interface GigabitEthernet1/0/x
description to dot1x clients
switchport access vlan 5
switchport mode access
authentication event fail action authorize vlan 998
authentication event server dead action authorize vlan 999
authentication event no-response action authorize vlan 997
authentication event server alive action reinitialize
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
authentication violation protect
dot1x pae authenticator
spanning-tree portfast
end
In the debug (debug radius auth) I can see that both RADIUS attributes are sent:
debug radius authentication
...
Aug 18 11:16:01.358: RADIUS: Session-Timeout [27] 6 30
Aug 18 11:16:01.358: RADIUS: Termination-Action [29] 6 16
But if I check the port, it does show the default Re-Auth timer (3600 seconds):
show authentication sessions int gig 1/0/x
Interface: GigabitEthernet1/0/x
Status: Authz Success
Oper host mode: single-host
Oper control dir: both
Authorized By: Authentication Server
Session timeout: 3600s (server), Remaining: 3569s
Timeout action: Reauthenticate
Does anybody know if I missed something?
Thanks and best regards
Dominic
08-21-2011 10:27 PM
Dominic,
Can you send the output of the show run | inc aaa? Also the show version?
Thanks,
08-21-2011 11:00 PM
Hi Tarik
I figured it out on the weekend; I was missing the following command:
aaa authorization network default group radius
Now it is working perfectly.
Regards
Dominic
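Added example, not part of the original thread: a small Python check that compares the Session-Timeout the RADIUS server sent with the timer the switch port actually applied, and looks for the `aaa authorization network` method list when they differ. The function names are hypothetical, the two output samples are copied from the posts above, and the AAA config excerpt is constructed.

```python
import re

# Sample input: the first two blocks are the output quoted in the thread;
# the AAA config excerpt is constructed for illustration.
DEBUG_RADIUS = """\
Aug 18 11:16:01.358: RADIUS: Session-Timeout [27] 6 30
Aug 18 11:16:01.358: RADIUS: Termination-Action [29] 6 16
"""
SHOW_SESSION = """\
Interface: GigabitEthernet1/0/x
Status: Authz Success
Session timeout: 3600s (server), Remaining: 3569s
Timeout action: Reauthenticate
"""
CONFIG_AAA = """\
aaa new-model
aaa authentication dot1x default group radius
"""

def server_session_timeout(debug_text):
    """Session-Timeout (attribute 27) value from 'debug radius' lines, or None."""
    m = re.search(r"Session-Timeout\s+\[27\]\s+\d+\s+(\d+)", debug_text)
    return int(m.group(1)) if m else None

def applied_session_timeout(show_text):
    """Timer in seconds from 'show authentication sessions' output, or None."""
    m = re.search(r"Session timeout:\s*(\d+)s", show_text)
    return int(m.group(1)) if m else None

def has_network_authorization(config_text):
    """True if the config contains an 'aaa authorization network' method list."""
    return any(line.strip().startswith("aaa authorization network ")
               for line in config_text.splitlines())

def diagnose(debug_text, show_text, config_text):
    """Return findings explaining why the server-sent timer is not in effect."""
    sent = server_session_timeout(debug_text)
    applied = applied_session_timeout(show_text)
    findings = []
    if sent is None:
        findings.append("server sent no Session-Timeout")
    elif applied != sent:
        findings.append(f"server sent {sent}s but port shows {applied}s")
        if not has_network_authorization(config_text):
            findings.append("no 'aaa authorization network' method list in config")
    return findings

if __name__ == "__main__":
    for finding in diagnose(DEBUG_RADIUS, SHOW_SESSION, CONFIG_AAA):
        print(finding)
```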