Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

OAC status after IC down

SOLVED
Go to solution
Kashif_
Occasional Contributor
‎10-08-2012 05:04:PM
‎10-08-2012 05:04:PM

OAC status after IC down

 

Hi

 

I have mulitple IC deployed in Lab and authenticating the endpoint using a Cisco 3750. I have configured multiple radius on the switch as a backupp. While doing the testing I brought  one of the IC down,so that it authenticates via second IC, after a little while OAC went into retrying , authenticating and then in terminated mode and session is still active.

 

Has anyone experienced this before?

 

Regards

Kashif

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Stanislas P_
Contributor
‎10-09-2012 02:28:AM
‎10-09-2012 02:28:AM

Re: OAC status after IC down

Hi,

 

When a computer with OAC connect to the switch port, there is the 802.1x communication.

At the end, the IC send

  • to the switch RADIUS attributes (VLAN, ...)
  • to the computer the IP address for the realtime connection

After 802.1x, the OAC connect to the received IP address through HTTPS

 

If the IC is not available from switch, it will redirect next authentication to the secondary IC. existing connections won't be disconnected by the switch to connect to the new active IC.

The HTTPS connection will time out and is displayed as "Terminated"

 

If you want to keep connection from OAC, you need to define IC as active / Passive cluster to share one IP address or as Active / active Cluster with an external Load balancer.

 

Regards,

 

Stan

 

View solution in original post

0 Kudos
2 REPLIES 2
Stanislas P_
Contributor
‎10-09-2012 02:28:AM
‎10-09-2012 02:28:AM

Re: OAC status after IC down

Hi,

 

When a computer with OAC connect to the switch port, there is the 802.1x communication.

At the end, the IC send

  • to the switch RADIUS attributes (VLAN, ...)
  • to the computer the IP address for the realtime connection

After 802.1x, the OAC connect to the received IP address through HTTPS

 

If the IC is not available from switch, it will redirect next authentication to the secondary IC. existing connections won't be disconnected by the switch to connect to the new active IC.

The HTTPS connection will time out and is displayed as "Terminated"

 

If you want to keep connection from OAC, you need to define IC as active / Passive cluster to share one IP address or as Active / active Cluster with an external Load balancer.

 

Regards,

 

Stan

 

0 Kudos
Kashif_
Occasional Contributor
‎10-09-2012 03:06:PM
‎10-09-2012 03:06:PM

Re: OAC status after IC down

 

Thanks Stan

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.