On 8/6/09 11:27, [email protected] wrote:
Hi,
IIRC, there's a suggestion to do this, but the actual cut-off number
is vendor-specific.
..and i guess this cutoff is reported as an EAP failure and therefore kit
configured to block/deny access will mean the eg the 3rd tunnel creation
will be the last for some time....
Yes. Some kit has a configurable 'quiet-period'. So that after the EAP-Success or EAP-Failure message, it'll wait for a specified period before allowing another authentication attempt on that port. At
least this is true of ProCurve products, and it seems like a sensible feature so I'm sure Cisco et al will have implemented it too.
Arran
--
Arran Cudbard-Bell ([email protected]),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
