07-29-2007 09:39 AM - edited 03-09-2019 06:29 PM
I performed a "dot1x debug packet" on a XP supplicant. I had reauth-max-req set to 2
but I observered 3 EAP code=1 (requests) frames, why ? Also, how does reauth-max-req
differ from maxreq? My opinion is that maxreq is for managing the flow from authenticator to server and reauthmaxreq is to manage supplicant to authenticator flow?
07-29-2007 09:48 AM
dot1x max-reauth-req: This is the timer for EAPOL-Identity-Request frames themselves. The reason you see is b/c the value is set to 2 by default.
dot1x max-req: affects the number of times EAPOL data (i.e. Non-ID-Request) frames are re-transmitted (if lost, or not replied to).
Both of these timers indicate responsibility of the supplicant to retransmit the frames if they've gone unanswered.
There shouldn't be anything 1X-related to manage flow from authenticator to authentication server, other than maybe a high-water/give-up timer. And I wouldn't suggest trying to use something like this anyway. This should be managed from AAA/RADIUS.
Does this help?
07-29-2007 10:25 AM
ok, so one is for data frames and the other is for the initial authentication attempt, correct?
Also, if max-reauth-req is set to 2 why are 3 EAP identity request frames sent? Is it because the first is an authentication attempt and the other 2 are reauth attempts?
This doe shelp but I am not quite all the way there.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide