Comware Based
5500G using Radius clients get disconnect

I have a site where we have 3 stacks of 5500G switches. Each stack is interconnected with the matrix cables, and the individual stacks are connected using fibre (a star from the coms room).

There are two VLANS in use one for the ground and first floor (VLAN2), the other for the second floor (VLAN3). The fibre connections are in VLAN2 on all switches. This configuration has been running for years no problem. We recently introduced radius authentication using free radius on a pair of SLES 10 servers. Testing on the ground floor was fine and this went into production rolling it out through the ground and first floor. When we introduced this to the second floor some workstations would become disconnected from the network (not always the same PC and not at the same time). That is to say the PC would power on and work normally but at some point the network connection would be closed. The quick fix is a reboot and the PC connects back to the network. I have compared the switch configurations and can see no difference (configs, firmware). The Radius Accounting log is showing what I believe to be normal operation, ‘Radius start’, ‘interim update’ but at the time of disconnection it is showing a ‘stop’ despite the PC being in use.

We have checked power save settings on the PC, we know the users are using the PC at time of disconnect.

Does anyone have any idea what may cause this or have any suggestions on how to diagnose this further?

Thanks in advance for any suggestions you can make.


5500 does send 802.1x re-authentication requests periodically ( not sure what the default is).

I don't know what "STOP" means on your Radius server. But assuming "STOP" means the Radius Service/Daemon is stopped/down and restarts for an instant then its feasible that when the timing is right. A small number of your PC (one of more)may not re-authenticate.

The problem sound like your Radius Server with the symptom being a timing issue because of it.

Thanks for the response.

The re-authentication is 12 mins and can retry 5 times at 3 second intervals. As far as I have been able to find out the 'stop' in the accounting log would normally appear when a client logs off or shuts down. I don't think it is a Server issue as we have about 90 client PC's on site and it is only some machines on this one stack of switches that is suffering the problem. The PC's are on a different subnet but the switch that is the device talking to the radius server is on the same subnet as the radius server, so should not be a routing or latency issue.