Access Security Guide K/KA/KB.15.15
Causes of client deauthentication immediately after authenticating
• ACE formatted incorrectly in the RADIUS server
from,any, or to keyword missing.•
• An IPv4 or IPv6 protocol number in the ACE exceeds 255.
• An optional UDP or TCP port number is invalid, or a UDP/TCP port number is specified
when the protocol is neither UDP or TCP.
• A RADIUS-assigned ACL limit has been exceeded.
An ACE in the ACL for a given authenticated client exceeds 80 characters.•
• The TCP/UDP port-range quantity of 14 per slot or port group has been exceeded.
• The rule limit of 3048 per slot or port group has been exceeded.
• An IPv6 ACE has been received on a port and either the HP-Nas-Rules-IPv6 attribute is
missing or HP-Nas-Rules-IPv6=2 is configured. See Table 22 (page 220) for more on this
attribute.
226 RADIUS server support for switch services