Re: difference between Reauthentication action of Common Task for Authorization Profile

lhviet001 · ‎04-03-2015

Hi guys,

Would you mind helping me to choose reauthentication action for Authorization Profile?

At Cisco ISE User Guide got "Reauthentication—To choose, select the check box and enter a value in seconds for maintaining connectivity during reauthentication. You can also choose attribute values from the Timer drop-down list. You choose to maintain connectivity during reauthentication by selecting to use either the default (a value of 0) or RADIUS-Request (a value of 1) from the drop-down list. Setting this to the RADIUS-Request value maintains connectivity during the reauthentication process."

Then, what is "default" behaviour? What is different between default action and Radius-Request action ?

On the other hands, could someone explain in detail the sequence and priority of IEEE 802.1X, MAC authentication bypass (MAB), and Central Web Authentication (CWA). I read a lot of paper, but still don't get it. It is possible to configure MAB will be fail in Authentication Policy with Wire_MAB ?

Appreciate all your help!!!

yuzhan4 · ‎06-22-2020

According to RFC the two Termination-actions are defined as following:

3.19. Termination-Action

   This attribute indicates what action should be taken when the service
   is completed.  The value RADIUS-Request (1) indicates that re-
   authentication should occur on expiration of the Session-Time.  The
   value Default (0) indicates that the session should terminate.

https://tools.ietf.org/html/rfc3580#section-3.19