Can the switch identify EAP packets with the CODE value of 0x0A

13

EAP packets with the CODE value of 0x0A are H3C proprietary packets. Huawei switches of V100R006 and earlier versions cannot identify such packets. If a client sends EAP packets with the CODE value of 0x0A to a Huawei switch for authentication, authentication fails.

Other related questions:
How to configure Layer 2 transparent transmission of 802.1x authentication packets on an S series switch
An extensible authentication protocol (EAP) packet in 802.1x authentication is a bridge protocol data unit (BPDU). By default, S series switches do not perform Layer 2 forwarding for BPDUs. If a Layer 2 switch exists between an 802.1x authentication-enabled device and a user, Layer 2 transparent transmission must be configured on the switch. Otherwise, EAP packets sent by the user cannot reach the authentication device and the user cannot pass authentication The following describes different methods of configuring Layer 2 transparent transmission of 802.1x authentication packets on a fixed switch and a modular switch: - Assume that the Layer 2 fixed switch connects to the upstream device through GE0/0/1, and connects to users through GE0/0/2. [HUAWEI] l2protocol-tunnel user-defined-protocol dot1x protocol-mac 0180-c200-0003 group-mac 0100-0000-0002 [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] l2protocol-tunnel user-defined-protocol dot1x enable [HUAWEI-GigabitEthernet0/0/1] bpdu enable [HUAWEI-GigabitEthernet0/0/1] quit [HUAWEI] interface gigabitethernet 0/0/2 [HUAWEI-GigabitEthernet0/0/2] l2protocol-tunnel user-defined-protocol dot1x enable [HUAWEI-GigabitEthernet0/0/2] bpdu enable [HUAWEI-GigabitEthernet0/0/2] quit - Assume that the Layer 2 modular switch connects to the upstream device through GE1/0/1, and connects to users through GE1/0/2. [HUAWEI] l2protocol-tunnel user-defined-protocol dot1x protocol-mac 0180-c200-0003 group-mac 0100-0000-0002 [HUAWEI] interface gigabitethernet 1/0/1 [HUAWEI-GigabitEthernet1/0/1] l2protocol-tunnel user-defined-protocol dot1x enable [HUAWEI-GigabitEthernet1/0/1] bpdu bridge enable [HUAWEI-GigabitEthernet1/0/1] quit [HUAWEI] interface gigabitethernet 1/0/2 [HUAWEI-GigabitEthernet1/0/2] l2protocol-tunnel user-defined-protocol dot1x enable [HUAWEI-GigabitEthernet1/0/2] bpdu bridge enable [HUAWEI-GigabitEthernet1/0/2] quit Note that you cannot set the group-mac parameter to the following addresses: - Reserved multicast MAC addresses: 0180-C200-0000 to 0180-C200-002F - Special multicast MAC addresses: 0100-0CCC-CCCC and 0100-0CCC-CCCD - Destination MAC address of Smart Link packets: 010F-E200-0004 - Multicast MAC addresses used on the switch.

Layer 2 transparent transmission mechanism for 802.1x protocol packets on S series switches
For S series switches (except the S1700), the Layer 2 transparent transmission mechanism for 802.1 protocol packets is as follows: 1. When an 802.1x protocol packet reaches the ingress node, the switch changes the multicast destination MAC address of the packet to a specified multicast MAC address. 2. After the MAC address of an 802.1x protocol packet is changed, the switch does not send the packet to the CPU for processing but directly forwards the packet on the Layer 2 network based on the configuration. 3. When the 802.1x protocol packet reaches the egress node, the switch restores the multicast destination MAC address of the packet to the standard multicast destination MAC address based on the mapping between the specified multicast destination MAC address and the 802.1x protocol configured on the switch.

Whether sFlow for S series switches is compatible with protocols of other vendors
NetFlow is other vendor's proprietary protocol. sFlow for S series switches is not compatible with NetFlow.

Can the TLL value in returned ping packets be modified on the AR router
The TTL value in response ping packets cannot be modified, and the TTL in sent ping packets can be changed by running the ping -h < ttl-value > command in any view.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top