Causes Of Client Deauthentication Immediately After Authenticating; Monitoring Shared Resources - HP ProCurve 2910al Access Security Manual

Configuring RADIUS Server Support for Switch Services
Configuring and Using RADIUS-Assigned Access Control Lists
Message
Invalid Access-list entry length,
client < mac-address > port < port-# >.
Memory allocation failure for IDM
ACL.
6-30
Causes of Client Deauthentication Immediately
After Authenticating
■ ACE formatted incorrectly in the RADIUS server
• "from", "any", or "to" keyword missing
• An IP protocol number in the ACE exceeds 255.
• An optional UDP or TCP port number is invalid, or a UDP/TCP port
number is specified when the protocol is neither UDP or TCP.
A RADIUS-assigned ACL limit has been exceeded.
■
• An ACE in the ACL for a given authenticated client exceeds 80
characters.
• The TCP/UDP port-range quantity of 14 per slot or port group has been
exceeded.

Monitoring Shared Resources

Currently active, RADIUS-based authentication sessions (including ProCurve
IDM client sessions) using RADIUS-assigned ACLs share internal routing
switch resources with several other features. The routing switch provides
ample resources for all features. However, if the internal resources do become
fully subscribed, new RADIUS-based sessions using RADIUS-assigned ACLs
cannot be authenticated until the necessary resources are released from other
applications.
Meaning
Notifies that the string configured for an ACE entry on the
Radius server exceeds 80 characters.
Notifies of a memory allocation failure for a RADIUS­
assigned ACL assigned by a RADIUS server performing
client authentication. (This message is used in IDM and non-
IDM environments.)