Causes Of Client Deauthentication Immediately After Authenticating - HP ProCurve 6400cl Series Access Security Manual

Message
Memory allocation failure for IDM
ACL.
ACE limit per port exceeded. client
< mac-address > port < port-# >.
Exceeded counter per slot limit.
client < mac-address > port < port-# >.
Configuring a RADIUS Server To Specify Per-Port CoS and Rate-Limiting Services
Causes of Client Deauthentication Immediately
After Authenticating
■ ACE formatted incorrectly in the RADIUS server
• "from", "any", or "to" keyword missing
• An IP protocol number in the ACE exceeds 255.
• An optional UDP or TCP port number is invalid.
A RADIUS-Based ACL limit has been exceeded. (Refer to table 6-3,
■
"Limits Affecting RADIUS-Based ACL Applications" on page 6-36.)
• The allowed maximum of two RADIUS-assigned ACLs has already
been reached on the port through which the deauthenticated client is
trying to access the network. (Each client requiring a RADIUS-
assigned ACL is a separate instance, even if multiple clients are
assigned the same ACL.)
• For a given port on a given module, the latest client authentication
includes a RADIUS-Based ACL assignment exceeding the maximum
number of ACEs allowed on the module.
• An ACE in the ACL for a given authenticated client exceeds 80
characters.
• An ACL assigned to an authenticated client causes the number of
optional counters needed on the module supporting the client's port
to exceed the per-module maximum (100).
RADIUS Authentication and Accounting
Meaning
Notifies of a memory allocation failure for a RADIUS-based
ACL.
User Action?
Notifies that the maximum number of ACEs (30) allowed on
the port was exceeded.
Notifies that the internal counter (cnt) limit of 100 per module
was exceeded on port < port-# >. Refer to Table 6-3 on page
36.
6-47