> Would it be right to say that a RADIUS server in 802.1X authentication > allows a client to be authenticated but can not unauthenticate a > authenticated client and let the AP(Nas) know about this > unauthentication. I guess it comes down to RADIUS server responds to > clients but does not initiate talking to clients.
That's true, the radius server just responds to the NAS equipment (being that wireless access point or a dial-up access server or a VPN access server etc...). > So, if I log on with my XP laptop through 802.1X successfully and then a > few minutes later, the system admin logged off all users (including me) > with the intent to force reauthentications. But, my laptop thinks it's > still authenticated and logged in. Well if the admin, instructs the NAS equipment to log-off all the users your laptop should know immediately that its disassociated from the wifi AP. When your laptop ties to log-on again, and makes that request to the AP, the AP will contact the radius server again. -- damjan | ÐÐÐÑÐÐ This is my jabber ID --> [EMAIL PROTECTED] <-- not my mail address!!! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html