KB.15.15

Causes of client deauthentication immediately after authenticating

• ACE formatted incorrectly in the RADIUS server

from,any, or to keyword missing.•

• An IPv4 or IPv6 protocol number in the ACE exceeds 255.

• An optional UDP or TCP port number is invalid, or a UDP/TCP port number is specified

when the protocol is neither UDP or TCP.

• A RADIUS-assigned ACL limit has been exceeded.

An ACE in the ACL for a given authenticated client exceeds 80 characters.•

• The TCP/UDP port-range quantity of 14 per slot or port group has been exceeded.

• The rule limit of 3048 per slot or port group has been exceeded.

• An IPv6 ACE has been received on a port and either the HP-Nas-Rules-IPv6 attribute is

missing or HP-Nas-Rules-IPv6=2 is configured. See Table 22 (page 220) for more on this

attribute.

226 RADIUS server support for switch services