Sending EAP-Success packets to users in the 802.1X critical VLAN


[IMPORTANT: ]

IMPORTANT:

This feature is available in Release 1121 and later.


Typically, the device sends EAP-Failure packets to 802.1X clients when the client users are assigned to the 802.1X critical VLAN. Some 802.1X clients, such as Windows built-in 802.1X clients, cannot respond to the EAP-Request/Identity packets of the device if they have received an EAP-Failure packet. As a result, reauthentication fails for these clients when an authentication server is reachable.

This feature enables the device to send EAP-Success packets instead of EAP-Failure packets to 802.1X clients when the client users are assigned to the 802.1X critical VLAN. This operation ensures that all 802.1X clients can perform reauthentication.

To configure the device to send an EAP-Success packet to an 802.1X client when its client user is assigned to the critical VLAN on the port:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter Layer 2 Ethernet interface view.

interface interface-type interface-number

N/A

3. Configure the device to send an EAP-Success packet to an 802.1X client when its client user is assigned to the critical VLAN on the port.

dot1x critical eapol

By default, the device sends an EAP-Failure packet to an 802.1X client when its client user is assigned to the critical VLAN on a port.