Sending EAP-Success packets to users in the 802.1X critical VLAN

About EAP-Success packet sending to users in the 802.1X critical VLAN

Typically, the device sends EAP-Failure packets to 802.1X clients when the client users are assigned to the 802.1X critical VLAN. Some 802.1X clients, such as Windows built-in 802.1X clients, cannot respond to the EAP-Request/Identity packets of the device if they have received an EAP-Failure packet. As a result, reauthentication fails for these clients when an authentication server is reachable.

This feature enables the device to send EAP-Success packets instead of EAP-Failure packets to 802.1X clients when the client users are assigned to the 802.1X critical VLAN. This operation ensures that all 802.1X clients can perform reauthentication.

Procedure

  1. Enter system view.

    system-view

  2. Enter interface view.

    interface interface-type interface-number

  3. Configure the device to send an EAP-Success packet to an 802.1X client when its client user is assigned to the critical VLAN on the port.

    dot1x critical eapol

    By default, the device sends an EAP-Failure packet to an 802.1X client when its client user is assigned to the critical VLAN on a port.