I have a strange problem I want to share with you. Possibly a bug, but maybe it is me who is doing something wrong.
My network looks like this:
[RADIUS] --- [C881] --- [SG200 Switch] ---[WinXP]
One of the SG200 interfaces is set as a supplicant and it authenticates with the RADIUS (FreeRADIUS) server via the C881 router. WinXP and other PC clients authenticate with RADIUS via the SG200.
Now: Authentication works perfectly. Ports open as they're supposed to. I'm able to reach RADIUS from the SG200 and vice versa, but there is a problem with WinXP. When I connect it to the SG200 it authenticates, the port opens and I'm able to reach RADIUS or any host on the left-hand side, but only for 300 seconds. After that period of time the C881 loses WinXP from its ARP table and any communication fails. I can't even reach the C881's interface facing the SG200. Then I type:
Are you sending the session-attribute from the free radius server? Do you have any debugs or a packet capture of the radius traffic, so we can rule this out of the equation? What happens if the client is plugged directly into the switch port of the 881, do you see the same behavior?
Are you sending the session-attribute from the free radius server?
To be honest I'm not sure what you mean, but I have a strong suspicion that my problem has nothing to do with FreeRADIUS.
Host authentication works perfectly. When I connect WinXP directly to the router's switch ports everything works fine. Also, the switch itself has a connection to the router all the time, even when WinXP and the C881 don't see each other.
Furthermore, all ports are authenticated and open all the time; their state doesn't change. Reauthentication is turned off.
When the problem occurs I see no traffic to the RADIUS server. Here is how it looks:
When I connect WinXP to the switch it works at the beginning.
I check the ARP table on the router - WinXP is there.
I periodically check the ARP table and after approx. 300 seconds (default ARP entry timeout) WinXP disappears and communication breaks down.
Additionally, when I change the ARP timeout value to shorter or longer, communication breaks earlier or later respectively.