A user goes offline shortly after passing 802.1x authentication on an S series switch

For S series switches (except the S1700), possible reasons why a user goes offline in a short period or frequently goes offline after the user passes 802.1x authentication are as follows:
1. If handshake with online users is enabled on a switch (to detect whether the users are online), the switch periodically sends handshake request packets to users. A user client that does not support the handshake function does not respond to the packets. The switch then considers the user offline and disconnects the user from the network. To solve this problem, run the undo dot1x handshake command to stop the switch from sending handshake packets to online 802.1x authentication users.
2. If the handshake interval is too short, run the dot1x timer command to configure a proper handshake interval and timeout interval.
3. An accounting server is configured for 802.1x authentication users connected to a switch. When a user goes online, the switch sends an accounting-start request packet to the accounting server. If the switch does not receive an accounting-start response packet from the server due to network faults, accounting fails to start and the switch forces the user offline. To solve this problem, run the accounting start-fail online command to keep users online if accounting fails.
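The three fixes above as one CLI session, added here as an illustration and not taken from Huawei's documentation. It assumes traditional NAC mode (where 802.1x commands are entered in the system view), uses the handshake-period keyword of dot1x timer, and uses a constructed interval value and a hypothetical accounting scheme name acct1.

```text
# Lines starting with "#" are annotations, not commands.
<HUAWEI> system-view

# Cause 1: the client does not answer handshake requests.
# Stop the switch from sending them.
[HUAWEI] undo dot1x handshake

# Cause 2 (alternative to cause 1): keep the handshake but lengthen the interval.
# 60 (seconds) is a constructed example value, not a recommendation.
[HUAWEI] dot1x timer handshake-period 60

# Cause 3: the accounting-start request gets no response.
# Keep the user online if accounting fails to start.
# acct1 is a hypothetical accounting scheme name.
[HUAWEI] aaa
[HUAWEI-aaa] accounting-scheme acct1
[HUAWEI-aaa-accounting-acct1] accounting start-fail online
[HUAWEI-aaa-accounting-acct1] quit
[HUAWEI-aaa] quit
```

With accounting start-fail online in place, a user can be online with no accounting-start record on the server, so accounting data alone no longer lists every active session.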

Other related questions:
Clients pass 802.1x authentication on an S series switch, and are disconnected after 10 seconds
For S series switches except S1700 switches, if handshake with online 802.1x users is enabled on a switch, the switch sends handshake packets to a client after the client is authenticated. If the client does not respond to the handshake packets, the switch forces the client offline. The client goes offline 10 seconds after it is authenticated. This may be caused by a handshake failure. In this case, run the undo dot1x handshake command in the system view to disable the handshake function.

Why does a client go offline 10 seconds after it passes 802.1x authentication on the switch?
If handshake with online 802.1x users is enabled on the switch, the switch sends handshake packets to a client after the client is authenticated. If the client sends no handshake packet to the switch, the switch forces the client offline. The client goes offline 10 seconds after it is authenticated. This may be caused by a handshake failure. In this case, run the undo dot1x handshake command in the system view to disable the handshake function.

802.1x remote authentication on S series switch
In 802.1x remote authentication and authorization, user information (including the user name, password and attributes) is configured on the remote AAA server. 802.1x remote authentication and authorization provide high network security. S series switches (except S1700 switches) running V200R003C10 or an earlier version support only traditional NAC configuration. Switches running V200R005C00 or a later version support both traditional and unified NAC configuration. By default, unified NAC configuration is used. 802.1x remote authentication also supports traditional and unified modes. 802.1x remote authentication configuration is the same on all switch models:
- For the traditional 802.1x remote authentication configuration, see "Example for Configuring 802.1x Authentication to Control Internal User Access" in "Configuring NAC (Common Mode)" of Typical Configuration Examples.
- For the unified 802.1x remote authentication configuration, see "Example for Configuring 802.1x Authentication to Control Internal User Access" in "Configuring NAC (Unified Mode)" of Typical Configuration Examples.
