Sending EAP-Success packets to 802.1X users in the critical VLAN
This feature allows specific 802.1X users in the critical VLAN to pass re-authentication directly when the device detects a reachable server. The device sends EAP-Success packets to the 802.1X clients that cannot respond to the EAP-Request packets of the device (for example, the Windows built-in 802.1X client).
The feature takes effect only after the dot1x critical recovery-action reinitialize command is configured on the port.
To configure the device to send EAP-Success packets to users in the 802.1X critical VLAN:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Layer 2 Ethernet interface view. | interface interface-type interface-number | N/A |
3. Configure the 802.1X critical VLAN on the port. | dot1x critical vlan vlan-id | By default, no 802.1X critical VLAN is configured. Different ports can be configured with different critical VLANs, but each port can have at most one critical VLAN. |
4. Configure the port to trigger 802.1X re-authentication on detection of an active authentication server for users in the critical VLAN. | dot1x critical recovery-action reinitialize | By default, when a reachable server is detected, the system removes the port or 802.1X users from the critical VLAN without triggering authentication. |
5. Configure the device to send EAP-Success packets to 802.1X users in the critical VLAN on the port. | dot1x critical eapol | By default, the device does not send EAP-Success packets to 802.1X users in the critical VLAN. |
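
Because dot1x critical eapol takes effect only when dot1x critical recovery-action reinitialize is also configured on the port, a saved configuration can be audited for ports where the command is present but inert. The following is an added example, not vendor code: it assumes a configuration dump laid out as "interface <name>" headers followed by space-indented commands and "#" separators, and the sample configuration, interface names and VLAN IDs are constructed.

```python
import re

# Constructed sample; the layout (interface header, indented commands,
# "#" separators) is an assumption about the configuration dump format.
SAMPLE_CONFIG = """\
#
interface GigabitEthernet1/0/1
 dot1x critical vlan 100
 dot1x critical recovery-action reinitialize
 dot1x critical eapol
#
interface GigabitEthernet1/0/2
 dot1x critical vlan 100
 dot1x critical eapol
#
interface GigabitEthernet1/0/3
 dot1x critical eapol
#
"""

def parse_interfaces(config_text):
    """Return {interface name: [commands]} for every interface block."""
    blocks, current = {}, None
    for line in config_text.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = header.group(1)
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None  # "#" or another top-level line ends the block
    return blocks

def audit_critical_eapol(config_text):
    """Map each port that has 'dot1x critical eapol' to the steps it lacks."""
    findings = {}
    for name, cmds in parse_interfaces(config_text).items():
        if "dot1x critical eapol" not in cmds:
            continue  # feature not requested on this port, nothing to check
        missing = []
        if not any(re.fullmatch(r"dot1x critical vlan \d+", c) for c in cmds):
            missing.append("dot1x critical vlan")
        if "dot1x critical recovery-action reinitialize" not in cmds:
            missing.append("dot1x critical recovery-action reinitialize")
        if missing:
            findings[name] = missing
    return findings
```

Calling audit_critical_eapol(SAMPLE_CONFIG) returns only the ports that need attention, each with the list of procedure steps that are absent from its configuration.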