Solved: dot1x behavior 2

mjohnson · ‎08-03-2007

I performed a "dot1x debug packet" on a XP supplicant. I had reauth-max-req set to 2 but I observered 3 EAP code=1 (requests) frames, why is it not 2?

jafrazie · ‎08-05-2007

Apologies for the prior ambiguity. The value "max-reauth-req" is how many times it attempts to authenticate the session after it's already tried at least once. So the default value of 2, would spell 3 EAPOL-Identity-Request frames going out on the wire before entering the DISCONNECTED state, or the Guest-VLAN (depending on the config).

Hope this helps,

View solution in original post

Premdeep Banga · ‎08-03-2007

I don?t remember it from top of my head.

But I think this is what is happening,

[1st attempt] + [2 re-authentication attempt] = 3

Regards,

Prem

mjohnson · ‎08-03-2007

This is what I thought, the documentation on this topic is vague.

jafrazie · ‎08-05-2007

Apologies, but wasn't this already answered in the other thread?

mjohnson · ‎08-05-2007

The other thread addressed the differences in max-req and max-reauth-req but not why I was seeing 3 EAP request frames when max-reauth-req was set to 2.

jafrazie · ‎08-05-2007

Apologies for the prior ambiguity. The value "max-reauth-req" is how many times it attempts to authenticate the session after it's already tried at least once. So the default value of 2, would spell 3 EAPOL-Identity-Request frames going out on the wire before entering the DISCONNECTED state, or the Guest-VLAN (depending on the config).

Hope this helps,