Authentication event no-response problem
02-14-2012 08:53 AM - edited 03-10-2019 06:49 PM
I'm trying to set up a switch so that it will send a non-dot1x supplicant to a guest vlan so that they can retrieve and install the dot1x configuration files. Then once they reauthenticate they get authorised by our NAC system which works via freeradius.
All this works with no problems, but I'm finding that the no-response event kicks in a little too quickly and my registered supplicants are being put into this vlan whenever they boot up. If I remove this line from the config they get put into the production vlan via the NAC with no problems.
The switchport config is:
switchport mode access
authentication event no-response action authorize vlan 704
authentication order dot1x
authentication priority dot1x
authentication port-control auto
authentication periodic
authentication timer restart 10800
authentication timer reauthenticate 7200
no snmp trap link-status
dot1x pae authenticator
dot1x timeout tx-period 3
dot1x timeout supp-timeout 60
spanning-tree portfast
As you can see, I have cranked up the supp-timeout to 60 seconds to see if this helps resolve the issue. However, it hasn't; the supplicant gets put into vlan 704 almost immediately after boot up. If I remove the no-response line, the client gets put into the production vlan straight away.
Can anyone help please?
09-18-2019 08:10 AM
Andi,
Did you ever find a solution to this issue? One of our overseas offices is experiencing the same problem on an older switch there.
09-19-2019 09:42 AM
#dot1x timeout tx-period 7
#dot1x max-reauth-req 3
Once the link comes up the switch sends an EAP Request-Identity frame. It will wait to send the next one via what is defined by timeout tx-period. The max-reauth-req says how many times it will resend the request-identity frames. HTH!
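
The timer behaviour described in this reply, worked through as an added example that is not part of any post in this thread: it estimates how long a silent port waits before the no-response VLAN is applied, for the question's config and for the reply's values. Assumptions: the fallback fires after one initial Request-Identity plus max-reauth-req retries spaced tx-period apart (supp-timeout is not involved), IOS defaults of 30 s and 2 apply when a command is absent, and the 20 s supplicant start-up time used in the check is hypothetical; verify all of these on your platform.

```python
import re

# Assumed Cisco IOS defaults when a command is absent; verify for your platform.
DEFAULTS = {"tx-period": 30, "max-reauth-req": 2}

PATTERNS = {
    "tx-period": re.compile(r"dot1x timeout tx-period (\d+)"),
    "max-reauth-req": re.compile(r"dot1x max-reauth-req (\d+)"),
    "guest_vlan": re.compile(r"authentication event no-response action authorize vlan (\d+)"),
}

# Timer-relevant lines of the port config from the question.
QUESTION_CONFIG = """\
authentication event no-response action authorize vlan 704
authentication port-control auto
dot1x pae authenticator
dot1x timeout tx-period 3
dot1x timeout supp-timeout 60
"""
# Same port with the two commands from the reply applied.
REPLY_CONFIG = QUESTION_CONFIG.replace("tx-period 3", "tx-period 7") + "dot1x max-reauth-req 3\n"


def parse_dot1x(config):
    """Extract the guest VLAN and the timers that drive the no-response event."""
    settings = dict(DEFAULTS, guest_vlan=None)
    for line in config.splitlines():
        for key, pattern in PATTERNS.items():
            m = pattern.fullmatch(line.strip())
            if m:
                settings[key] = int(m.group(1))
    return settings


def no_response_window(settings):
    """Seconds of silence after link-up before guest VLAN fallback (assumed model)."""
    if settings["guest_vlan"] is None:
        return None  # no fallback configured, nothing to time out into
    # Initial Request-Identity + max-reauth-req retries, each followed by tx-period.
    return settings["tx-period"] * (settings["max-reauth-req"] + 1)


def check(config, supplicant_ready_s):
    """Return (window, ok); ok is False when the supplicant starts after the window."""
    window = no_response_window(parse_dot1x(config))
    return window, window is None or window > supplicant_ready_s
```

Under these assumptions the question's config gives a 9 second window regardless of supp-timeout, while the reply's values give 28 seconds.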
