Windows 10 does not response EAP-Request/Identity from Switch after sucessfuly authentication of 802.1X

luckydog xf luckydogxf at gmail.com
Wed Aug 12 09:58:51 CEST 2020 

The work around is changing configuration of H3C from 'dot1x' to 'port
security' , which would skip step 11 and 12 mentioned above.

So it's quite weird, I believe Step 11 and 12 are  standard steps defined
in RFC-XXX.

It seems H3C sent a wrong message that caused Windows10  cannot be
recognized and ignored without any response.
-

On Wed, Aug 12, 2020 at 1:23 PM luckydog xf <luckydogxf at gmail.com> wrote:

> Hello,
>
>     This may not be a question of Freeradius, but I post it here to see
> whether someone ran into the same issue before and found a way to fix it.
>
>      We're running H3C switch, configure eap authentication, client is
> windows 10 and uses certificate authentication. Initially windows 10 can be
> online and soon after that it goes offline.
>
>      By  checking freeradius log, we can see that accounting
> Acct-Status-Type is Start and later becomes Stop.
>       We use wireshark to capture packets of windows 10 and find that,
> after it's successfully online, Switch sends EAP-Request/Identity to it and
> expects a response.  Yet windows 10 ignores it. Switch sends a 'Stop' to
> Freeradius when it's timeout.
>
>       The whole process is listed
> http://www.h3c.com/en/Support/Resource_Center/Technical_Documents/Home/Switches/00-Public/Configure/Configuration_Guides/H3C_S5130S-HI[EI]_S5110V2_S3100V3-EI-6W103/08/201909/1227641_294551_0.htm
>
>   [  EAP relay ]    section.
>
> 11.     After the client comes online, the access device periodically
> sends handshake requests to check whether the client is still online. By
> default, if two consecutive handshake attempts fail, the device logs off
> the client.
>
> 12.     Upon receiving a handshake request, the client returns a
> response. If the client fails to return a response after a number of
> consecutive handshake attempts (two by default), the access device logs off
> the client. This handshake mechanism enables timely release of the network
> resources used by 802.1X users that have abnormally gone offline.
>
>
> So it's quite weird, why does Windows 10 ignore it ?
>
> Appreciated for any help.
>
> Thanks.
>
>
>
>
>
>

More information about the Freeradius-Users mailing list