Barracuda Networks VERSION SP4 User Manual
195 Barracuda NG Network Access Client - Administrator’s Guide
•
A re-authentication is triggered manually on the switch by a user through the
command-line interface.
command-line interface.
Finally, section III shows the way the logoff command is sent to the switch in order to disable the line
protocol on the port. There are several possibilities for the log-out process:
protocol on the port. There are several possibilities for the log-out process:
•
The user shuts down the operating system on the client computer.
•
The user logged off the operating system on the client computer.
•
The user executed the logoff command manually using the Barracuda NG
Access Monitor or the command-line interface.
Access Monitor or the command-line interface.
See for the EAPOL packet frames.
14.3.12
VLAN Assignment
Network access control is enforced by assigning the client different VLANs, each for a different state:
It is possible that to the client computer is a different VLAN addigned by the RADIUS server due to a
failed authentication resulting of either:
failed authentication resulting of either:
•
A change of the clients health state. This is the most common reason.
•
A change of the configuration on the Access Control Server.
•
A not matching session password.
If this happens, then the switch will enter the Quiet Period, meanwhile disabling the line protocol and
not responding to any packets received on the port the client computer is connected to.
not responding to any packets received on the port the client computer is connected to.
For faster response time it is recommended to set this value to 1 second. To change the quiet period,
follow the steps below in privileged EXEC mode using a command-line interface on the switch.
follow the steps below in privileged EXEC mode using a command-line interface on the switch.
Command:
•
configure terminal
Enter the global configuration mode
Table 14–11
VLAN
Condition
Description
Guest VLAN
Default VLAN which is initially assigned to the client computer
Authentication Fail
The authentication against the
RADIUS server failed
RADIUS server failed
The client computer will be assigned this VLAN if he fails to
authenticate successfully before the maximum number of
authentication failures is reached. The maximum number failures can
be configured on the switch by setting the option
AuthFail-Max-Attempts in the dot1x configuration on the desired port
authenticate successfully before the maximum number of
authentication failures is reached. The maximum number failures can
be configured on the switch by setting the option
AuthFail-Max-Attempts in the dot1x configuration on the desired port
Healthy
The client computer met all health
requirements
requirements
This is the VLAN the client computer is indented to be assigned to.
Unhealthy
The client computer did not meet
health requirements
health requirements
In the Unhealthy-VLAN the client computer must be able to evaluate
his health state and access resources vital for restoring a healthy
state.
his health state and access resources vital for restoring a healthy
state.
In the given engineering environment, the switch always enters the quiet period on the port the client computer is
connected to, whenever a different one than the currently assigned VLAN is assigned to the client computer.
connected to, whenever a different one than the currently assigned VLAN is assigned to the client computer.