A user goes offline shortly after passing 802.1x authentication on an S series switch

For S series switches (except the S1700), possible reasons why a user goes offline in a short period or frequently goes offline after the user passes 802.1x authentication are as follows:
1. If handshake with online users is enabled on a switch (to detect whether the users are online), the switch periodically sends handshake request packets to users. A user client that does not support the handshake function does not respond to the packets. The switch considers that the user is not online and disconnects the user from the network. To solve this problem, run the undo dot1x handshake command to disable the device from sending handshake packets to online 802.1x authentication users.
2. If the handshake interval is short, you can run the dot1x timer command to configure a proper handshake interval and timeout interval.
3. An accounting server is configured for 802.1x authentication users connected to a switch. When a user goes online, the switch sends an accounting-start request packet to the accounting server. If the switch does not receive an accounting-start response packet from the server due to network faults, accounting fails to start and the switch forces the user offline. To solve this problem, run the accounting start-fail online command to keep users online if accounting fails.

Scroll to top