Reply-message and supplicant

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Mon Jun 8 12:34:04 CEST 2009


On 8/6/09 11:27, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>>    IIRC, there's a suggestion to do this, but the actual cut-off number
>> is vendor-specific.
>
> ...and I guess this cutoff is reported as an EAP failure, and therefore kit
> configured to block/deny access will mean that e.g. the 3rd tunnel creation
> will be the last for some time...

Yes. Some kit has a configurable 'quiet-period', so that after the EAP-Success or EAP-Failure message, it'll wait for a specified period before allowing another authentication attempt on that port. At least this is true of ProCurve products, and it seems like a sensible feature so I'm sure Cisco et al will have implemented it too.

Arran

-- 
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2


