cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
450
Views
3
Helpful
5
Replies

dot1x behavior 2

mjohnson
Level 1
Level 1

I performed a "dot1x debug packet" on a XP supplicant. I had reauth-max-req set to 2 but I observered 3 EAP code=1 (requests) frames, why is it not 2?

1 Accepted Solution

Accepted Solutions

Apologies for the prior ambiguity. The value "max-reauth-req" is how many times it attempts to authenticate the session after it's already tried at least once. So the default value of 2, would spell 3 EAPOL-Identity-Request frames going out on the wire before entering the DISCONNECTED state, or the Guest-VLAN (depending on the config).

Hope this helps,

View solution in original post

5 Replies 5

Premdeep Banga
Level 7
Level 7

I don?t remember it from top of my head.

But I think this is what is happening,

[1st attempt] + [2 re-authentication attempt] = 3

Regards,

Prem

This is what I thought, the documentation on this topic is vague.

Apologies, but wasn't this already answered in the other thread?

The other thread addressed the differences in max-req and max-reauth-req but not why I was seeing 3 EAP request frames when max-reauth-req was set to 2.

Apologies for the prior ambiguity. The value "max-reauth-req" is how many times it attempts to authenticate the session after it's already tried at least once. So the default value of 2, would spell 3 EAPOL-Identity-Request frames going out on the wire before entering the DISCONNECTED state, or the Guest-VLAN (depending on the config).

Hope this helps,

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: