6-28
RADIUS Authentication, Authorization, and Accounting
Cached Reauthentication
Cached Reauthentication
Cached reauthentication allows 802.1X, web, or MAC reauthentications to 
succeed when the RADIUS server is unavailable. Users already authenticated 
retain their currently-assigned RADIUS attributes. Uninterrupted service is 
provided for authenticated users with RADIUS-assigned VLANS if the RADIUS 
server becomes temporarily unavailable during periodic reauthentications. 
Cached reauthentication is similar to the authorized authentication method 
in that user credentials are not checked. Any user credentials are valid even 
if they are different from those used during the last successful authentication 
of the same session. However, cached reauthentication maintains the current 
session attributes, unlike the authorized authentication method. New authen-
tications are not allowed. The RADIUS server can be the only allowed source 
of session attributes for authenticated users. 
Reauthentications are not disabled when the RADIUS server is unavailable. 
The switch initiates reauthentications of clients at the specified period and 
the clients must comply with the requirements for the reauthentication pro-
cedure exactly as is done for the authorized authentication method. 
The table below summarizes the differences between the authorized method 
and the cached reauthentication method. 
Cached reauthentication is supported for 802.1X, Web authentication, and 
MAC authentication. For more information about Web/MAC authentication, 
see “Web and MAC Authentication” in the Access Security Guide for your 
switch. For more information on 802.1X, see “Configuring Port-Based and 
User-Based Access Control (802.1X) in the Access Security Guide for your 
switch.
Authorized Cached Reauthentication
New authentications are allowed when RADIUS server is 
unreachable.
New authentications are not allowed when RADIUS server 
is unreachable.
All previously RADIUS-assigned attributes are voided 
and replaced by switch-configured values on reauthen-
tication when RADIUS server is unreachable.
All previously assigned attributes remain in effect on reau-
thentication when RADIUS server is unreachable.