dot1x behavior 2

Answered Question

I performed a "dot1x debug packet" on a XP supplicant. I had reauth-max-req set to 2 but I observered 3 EAP code=1 (requests) frames, why is it not 2?

Correct Answer by jafrazie about 9 years 11 months ago

Apologies for the prior ambiguity. The value "max-reauth-req" is how many times it attempts to authenticate the session after it's already tried at least once. So the default value of 2, would spell 3 EAPOL-Identity-Request frames going out on the wire before entering the DISCONNECTED state, or the Guest-VLAN (depending on the config).


Hope this helps,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
Loading.
Premdeep Banga Fri, 08/03/2007 - 04:18
User Badges:
  • Gold, 750 points or more

I don?t remember it from top of my head.


But I think this is what is happening,


[1st attempt] + [2 re-authentication attempt] = 3


Regards,

Prem

jafrazie Sun, 08/05/2007 - 14:52
User Badges:
  • Cisco Employee,

Apologies, but wasn't this already answered in the other thread?


Correct Answer
jafrazie Sun, 08/05/2007 - 18:04
User Badges:
  • Cisco Employee,

Apologies for the prior ambiguity. The value "max-reauth-req" is how many times it attempts to authenticate the session after it's already tried at least once. So the default value of 2, would spell 3 EAPOL-Identity-Request frames going out on the wire before entering the DISCONNECTED state, or the Guest-VLAN (depending on the config).


Hope this helps,


Actions

This Discussion