The IEEE 802.1x standard defines that authentication can be initiated by either a client PAE or a device PAE. The BRAS allows a user to initiate authentication. You can enable re-authentication on the BRAS to configure the BRAS to re-authenticate the client periodically.
When the client needs to access the service that the device provides, the client initiates authentication. Before the client initiates authentication, the client PAE must send an EAPoL-Start packet to the device PAE. After receiving the EAPoL-Start packet, the device PAE must respond with an EAP-Request/Identity packet.
When any of the following situations exists, the user logs off:
The client fails authentication.
The client fails re-authentication.
The client PAE cannot respond to the authentication request from the device PAE.
The client PAE sends an EAPoL-Logoff packet requesting logoff.
The client PAE can send a request for logoff at any time and in any situation. It is recommended that the client PAE send a request for logoff when the user quits the client or the client needs to restart.