Roger Nobel
Cisco Employee

Symptoms

802.1X using MAB works until you reboot the switch. After the reboot, a shut/no shut or a re-auth is required to get MAB working.
 

Cause / Problem Description

Race condition between the RADIUS server communication task and the EAP task (MAB).


Conditions / Environment

802.1x using MAB

 

This seems to be a commonly known issue (race condition).
There is a bug ID, CSCtj46641, which is in J status and points to CSCsu90538.

 

Resolution

Suggest some tests to the customer, along with potential workarounds to test.

1. Adjust the config from a networking perspective (e.g. no spanning-tree) to ensure the RADIUS connection is up as soon as possible.

If we configure 'no spanning-tree vlan x', this issue should no longer be seen.

This may still not work, since we still rely on short timing.

------------------------------------------------------------------------------------------

2. Adjust the MAB config so that it either retries authentication periodically or re-initialises when the server comes back.

The former can be done with the following config:

authentication timer restart 60
authentication event server dead action authorize vlan 11
authentication event server alive action reinitialize

 

This is not a good choice, since we would have a very short authentication period on a live system.

------------------------------------------------------------------------------------------

 

3. Create a system-startup kron job that is run once at system startup.

This is not possible, since the job runs again and again.

Create a policy-list which clears all authentication sessions (manual re-auth):

kron occurrence autostart in 2 recurring system-startup
policy-list force-reauth
!
kron policy-list force-reauth
cli clear authentication session
!

This will clear all sessions every 2 minutes after the system is up, again and again.

This is not what we want. Option 3 is not an option.

------------------------------------------------------------------------------------------

 

4. This is the configuration workaround:


event manager applet onboot
 event timer cron cron-entry "@reboot"
 action 1.10 wait 20
 action 2.10 cli command "enable"
 action 2.20 cli command "clear authentication session"
 action 6.10 syslog msg "cleared auth sessions"


This is the solution!
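
To confirm that a saved configuration carries the option 4 applet as intended, and that the option 3 kron job was not left behind, the config text can be checked offline. The following Python check is an added example, not part of the original article or any Cisco tooling; the function names and finding strings are assumptions, and the sample config is constructed from the snippets above.

```python
import re

# Constructed sample (not a real device): option 3 kron job, option 4 applet with a curly quote.
SAMPLE = '''\
kron occurrence autostart in 2 recurring system-startup
 policy-list force-reauth
kron policy-list force-reauth
 cli clear authentication session
event manager applet onboot
 event timer cron cron-entry "@reboot"
 action 1.10 wait 20
 action 2.10 cli command "enable"
 action 2.20 cli command \u201cclear authentication session "
 action 6.10 syslog msg "cleared auth sessions"
'''
CLEAR = "clear authentication session"

def blocks(config):
    """Map each top-level config line to its indented child lines."""
    out, head = {}, None
    for line in filter(str.strip, config.splitlines()):
        if not line[0].isspace():
            head = line.strip()
            out[head] = []
        elif head is not None:
            out[head].append(line.strip())
    return out

def audit(config, applet="onboot"):
    """Return findings; an empty list means the boot-time workaround looks sane."""
    cfg, findings = blocks(config), []
    body = cfg.get(f"event manager applet {applet}", [])
    if 'event timer cron cron-entry "@reboot"' not in body:
        findings.append("applet not triggered at reboot")
    # Assumes actions are listed in execution order, as in the page's config.
    acts = [l.split(None, 2)[2] for l in body if re.match(r"action \S+ \S", l)]
    hits = [i for i, a in enumerate(acts) if CLEAR in a]
    if not hits:
        findings.append("applet never clears sessions")
    elif not any(a.startswith("wait ") for a in acts[:hits[0]]):
        findings.append("no wait before clear")
    if any(re.search("[\u2018\u2019\u201c\u201d]", l) for l in body):
        findings.append("typographic quote in applet")
    for head, kids in cfg.items():
        lists = [k for k in kids if k.startswith("policy-list ")]
        if re.match(r"kron occurrence \S+ .*\brecurring\b", head) and any(
                CLEAR in c for k in lists for c in cfg.get("kron " + k, [])):
            findings.append("recurring kron job clears sessions")
    return findings
```

Running `audit(SAMPLE)` reports the typographic quote and the recurring kron job; a config holding only the corrected applet returns an empty list.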

------------------------------------------------------------------------------------------
