Table of Contents
Advertisement
dot1x critical eapol
Use dot1x critical eapol to enable the sending of an EAP-Success packet to a client when the
802.1X client user is assigned to the 802.1X critical VLAN on a port.
Use undo dot1x critical eapol to restore the default.
Syntax
dot1x critical eapol
undo dot1x critical eapol
Default
The device sends an EAP-Failure packet to a client when the 802.1X client user is assigned to the
802.1X critical VLAN on a port.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Typically, the device sends EAP-Failure packets to 802.1X clients when the client users are assigned
to the 802.1X critical VLAN. Some 802.1X clients, such as Windows built-in 802.1X clients, cannot
respond to the EAP-Request/Identity packets of the device if they have received an EAP-Failure
packet. As a result, reauthentication fails for these clients when an authentication server is
reachable.
This command enables the device to send EAP-Success packets instead of EAP-Failure packets to
802.1X clients when the client users are assigned to the 802.1X critical VLAN. This operation
ensures that all 802.1X clients can perform reauthentication.
Examples
# Send an EAP-Success packet to a client when the 802.1X client user is assigned to the 802.1X
critical VLAN on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] dot1x critical eapol
Related commands
dot1x critical vlan
dot1x critical vlan
Use dot1x critical vlan to configure an 802.1X critical VLAN on a port.
Use undo dot1x critical vlan to restore the default.
Syntax
dot1x critical vlan critical-vlan-id
undo dot1x critical vlan
174
Advertisement
Table of Contents
