Abstract

In many customer deployments, switches and WLCs authenticate clients using 802.1X authentication methods, which use EAP to exchange messages during the authentication process. Here, the AAA servers act as the authenticator. Typically, AAA servers are deployed remotely and connected to the enterprise over a WAN link. In short, the client authenticates with the AAA server through the switch/WLC. If the AAA servers are down, or the link between the switch/WLC and the AAA servers is down so that the servers are not reachable, clients will fail to connect and service will be impacted. There are techniques that cache the authentication credentials locally on the switch/WLC when a client connects for the first time. When the client next connects to the same switch/WLC, this local cache can be used to authenticate the client even when the AAA server is not available. However, there is no guarantee that the client will connect to the same switch/WLC the next time. In such cases client connectivity will fail, even though the authentication cache is available on another switch. The technique presented here allows clients to reconnect to any switch/WLC of a particular deployment, even when the link is down or the AAA servers are not reachable. With this method, when a client connects for the first time, its authentication credentials are stored on one of the switches/WLCs, selected by hashing the client MAC address. If the client later reconnects to a different switch/WLC and the AAA servers are not available or reachable, that switch/WLC calculates the hash of the client MAC address to find the switch/WLC that holds the authentication details, fetches them, and proceeds with client authentication and connectivity.
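The placement and lookup described in the abstract, as an added sketch that is not code from the disclosure. The hash (SHA-256 of the MAC, modulo a sorted member list), the member names, the MAC addresses and the cached entry are all assumptions chosen for illustration.

```python
import hashlib

def normalize_mac(mac):
    """Canonical 12-hex-digit form so every member hashes identical bytes."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return digits

def owner_for(mac, members):
    """Pick the member that holds this client's cache entry.
    Assumption: SHA-256 of the MAC, modulo the sorted member list."""
    digest = hashlib.sha256(bytes.fromhex(normalize_mac(mac))).digest()
    ordered = sorted(members)  # identical order on every member
    return ordered[int.from_bytes(digest[:8], "big") % len(ordered)]

class Deployment:
    """In-memory stand-in for the switches/WLCs of one deployment."""
    def __init__(self, members):
        self.members = list(members)
        self.cache = {m: {} for m in self.members}  # per-member local cache
        self.aaa_reachable = True

    def connect(self, via, mac, aaa_entry=None):
        """Client attaches at member `via`; returns (source, entry)."""
        if via not in self.cache:
            raise KeyError("unknown member: %s" % via)
        key, owner = normalize_mac(mac), owner_for(mac, self.members)
        if self.aaa_reachable:
            # First connect: AAA answers, result is stored on the hash owner.
            self.cache[owner][key] = aaa_entry
            return ("aaa", aaa_entry)
        # AAA unreachable: `via` computes the same owner and fetches from it.
        entry = self.cache[owner].get(key)
        return ("cache@" + owner, entry) if entry is not None else ("reject", None)

def demo():
    dep = Deployment(["sw1", "sw2", "wlc1", "wlc2"])  # constructed names
    mac = "AA:BB:CC:00:11:22"                          # constructed MAC
    dep.connect("sw1", mac, aaa_entry="vlan=20")       # AAA reachable
    dep.aaa_reachable = False                          # WAN link goes down
    known = dep.connect("wlc2", "aabb.cc00.1122")      # different member
    unknown = dep.connect("sw2", "de:ad:be:ef:00:01")  # never seen by AAA
    return known, unknown

if __name__ == "__main__":
    print(demo())
```

With modulo placement, adding or removing a member changes the owner for most MACs, so entries cached before a membership change may no longer be found.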

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.
