Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

dot1x behavior 2

I performed a "dot1x debug packet" on a XP supplicant. I had reauth-max-req set to 2 but I observered 3 EAP code=1 (requests) frames, why is it not 2?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: dot1x behavior 2

Apologies for the prior ambiguity. The value "max-reauth-req" is how many times it attempts to authenticate the session after it's already tried at least once. So the default value of 2, would spell 3 EAPOL-Identity-Request frames going out on the wire before entering the DISCONNECTED state, or the Guest-VLAN (depending on the config).

Hope this helps,

5 REPLIES

Re: dot1x behavior 2

I don?t remember it from top of my head.

But I think this is what is happening,

[1st attempt] + [2 re-authentication attempt] = 3

Regards,

Prem

New Member

Re: dot1x behavior 2

This is what I thought, the documentation on this topic is vague.

Cisco Employee

Re: dot1x behavior 2

Apologies, but wasn't this already answered in the other thread?

New Member

Re: dot1x behavior 2

The other thread addressed the differences in max-req and max-reauth-req but not why I was seeing 3 EAP request frames when max-reauth-req was set to 2.

Cisco Employee

Re: dot1x behavior 2

Apologies for the prior ambiguity. The value "max-reauth-req" is how many times it attempts to authenticate the session after it's already tried at least once. So the default value of 2, would spell 3 EAPOL-Identity-Request frames going out on the wire before entering the DISCONNECTED state, or the Guest-VLAN (depending on the config).

Hope this helps,

106
Views
3
Helpful
5
Replies
CreatePlease to create content