TLS Connection Persistence

With RADIUS over TLS, the state of the TLS connection indicates whether the server is “live” or “dead.” As soon as a RADIUS over TLS server is configured, the switch attempts to open a connection. If successful, the server is considered live. If unsuccessful, the server is considered dead and the switch will periodically attempt to reconnect.

If one or more RADIUS over TLS servers is live, then an initial request is sent to a single TLS server, based on priority. This means that the highest priority TLS server is always chosen for the first transmission. If this transaction times out, but that TLS server status is live, there will be no retransmissions to other TLS servers (or to UDP servers, if configured) and user authentication will fail.

When a TLS connection is broken or closed, any prior request messages that have not yet received a response will be handled on timeout as follows:

If there are no other live TLS connections, then the user session will fail. If there are UDP servers configured, they will not be tried.
If there are other live TLS connections, then the user request will be retransmitted to one of the new TLS servers.

Switching

Routing

Wireless

Management & Automation

Analytics & Visibility

Security & Access Control

Remote

Cloud

Security

Machine Learning

Campus Fabric

Data Center Fabric

Internet of Things

Wi-Fi 6

Primary & Secondary Education (K-12)

Retail

Service Providers

Federal Government

Manufacturing

Higher Education

Healthcare

Hospitality

State & Local Government

Sports & Public Venues

Support Portal

Knowledge Base

Documentation

End of Sale

Policies & Warranties

Training & Courses

Maintenance Services

Premier Services

Professional Services

Managed Services

TLS Connection Persistence