02-15-2019 03:07 AM
Hello,
Why do devices that are unknown or that have no authorization policy constantly try to reauth every minute? Surely once they have failed & been denied access a few times then you don't want them constantly sending RADIUS requests. Is there a way to change the reauth timer so it only reauths when the port transitions to "up connected"?
Jason
02-15-2019 05:35 AM
Unless you are doing a complete whitelisted setup, you really shouldn't be denying access to the network. Every device should have an authorization policy applied. The default policy should be a Limited Access policy with a DACL applied to allow access to the PSNs and DNS. DNS is there to allow redirection to a portal if you want.
02-18-2019 01:37 AM
We are whitelisting. Nothing should be allowed to connect to the wired network in our environment unless it is a "known/trusted" device. The devices we are seeing which are not authorised are filling our live RADIUS logs & it is these I want to limit.
02-18-2019 05:36 AM
03-01-2019 02:24 AM
That's really helpful. That might be what you would do, but in our environment we only allow authorised devices on the wired network.
02-15-2019 05:45 AM
02-18-2019 01:42 AM
Can you do this with MAB authentication?
02-16-2019 01:16 PM
I agree with Paul.
dot1x timeout quiet-period seems to be what you asked for.
02-18-2019 01:41 AM
I probably should have mentioned we are doing MAB authentication, not dot1x.