issue with 802.1x following a switch reload

kagimono · ‎01-19-2023

Good day,

We have an issue with 802.1x clients authenticating following a switch reload, i am not 100% sure but it seems to be mainly on stack switches following firmware upgrades, as a guess i would suspect this is an order of operations issue,

the stack reloading and going through the various negotiations the authentication request is failing then timing out, is this a fair assumption ?

I am curious to find a way to resolve this without using a EEM script to detect a reload and issue a 'clear authentication sessions' command to restart all 802.1x supplicants. (id say this option could be made more granular to find those devices that have failed authentication and not reauthenticate all devices, id rather find a less complex resolution)

Is there a way to adjust or delay the 802.1x authentication timers to wait until the switch or switch stack is fully set following a reload?

many thanks

marce1000 · ‎01-19-2023

- Perhaps checking the radius server logs (if applicable), could provide more insights ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

MHM Cisco World · ‎01-20-2023

authentication event server alive action reinitialize <<-
first before upgrade you can shut the interface toward AAA server or try above command without shutdown the interface.
this command if SW upgrade the Server will be die and then alive again when upgrade finish,
this command force interface to re-initialize dot1x process