6-29
RADIUS Authentication, Authorization, and Accounting
Cached Reauthentication
Figure 6-12. Example of Configuring the Maximum Number of Consecutive Cached Reauthentications
Timing Considerations
The reauth period when the RADIUS server is unavailable is the configured 
reauth period plus an additional X seconds, where X can vary from 1 to 
approximately 30 seconds in most cases, depending on the number of RADIUS 
servers and other RADIUS parameters. This period of time can be more or less 
than 30 seconds if the default “server-timeout” values for 802.1X or Web/MAC 
Syntax: [no] aaa authentication <port-access | web-based | mac-based > 
<primary method> 
       < secondary-method>
Allows reauthentications to succeed when the RADIUS server 
is unavailable. Users already authenticated retain their 
currently-assigned session attributes.
The primary methods for port-access authentication are local, 
chap-radius, or eap-radius.
The primary method for web-based or mac-based authentica-
tion is chap-radius.
The secondary methods can be none, authorized, or cached-
reauth.
The default secondary authentication for all types of port 
access remains “none”. 
Syntax: [no] aaa port-access <authenticator | web-based | mac-based> <port-
list> 
cached-reauth-period [1-2147483647]
Configures the period of time (in seconds) during which 
cached reauthentication is allowed on the port.
Default: No limit is set.
HP Switch(config)# aaa port-access web-based 6-8 cached-reauth-period 86400
The cached-reauth-period is set to 86400 seconds (1440 
minutes, or 24 hours).