cancel
Showing results for 
Search instead for 
Did you mean: 

OAC status after IC down

SOLVED
Kashif_
Occasional Contributor

OAC status after IC down

 

Hi

 

I have mulitple IC deployed in Lab and authenticating the endpoint using a Cisco 3750. I have configured multiple radius on the switch as a backupp. While doing the testing I brought  one of the IC down,so that it authenticates via second IC, after a little while OAC went into retrying , authenticating and then in terminated mode and session is still active.

 

Has anyone experienced this before?

 

Regards

Kashif

1 ACCEPTED SOLUTION

Accepted Solutions
Stanislas P_
Contributor

Re: OAC status after IC down

Hi,

 

When a computer with OAC connect to the switch port, there is the 802.1x communication.

At the end, the IC send

  • to the switch RADIUS attributes (VLAN, ...)
  • to the computer the IP address for the realtime connection

After 802.1x, the OAC connect to the received IP address through HTTPS

 

If the IC is not available from switch, it will redirect next authentication to the secondary IC. existing connections won't be disconnected by the switch to connect to the new active IC.

The HTTPS connection will time out and is displayed as "Terminated"

 

If you want to keep connection from OAC, you need to define IC as active / Passive cluster to share one IP address or as Active / active Cluster with an external Load balancer.

 

Regards,

 

Stan

 

View solution in original post

2 REPLIES 2
Stanislas P_
Contributor

Re: OAC status after IC down

Hi,

 

When a computer with OAC connect to the switch port, there is the 802.1x communication.

At the end, the IC send

  • to the switch RADIUS attributes (VLAN, ...)
  • to the computer the IP address for the realtime connection

After 802.1x, the OAC connect to the received IP address through HTTPS

 

If the IC is not available from switch, it will redirect next authentication to the secondary IC. existing connections won't be disconnected by the switch to connect to the new active IC.

The HTTPS connection will time out and is displayed as "Terminated"

 

If you want to keep connection from OAC, you need to define IC as active / Passive cluster to share one IP address or as Active / active Cluster with an external Load balancer.

 

Regards,

 

Stan

 

Kashif_
Occasional Contributor

Re: OAC status after IC down

 

Thanks Stan