Problem with EAP Identity

Michael Schwartzkopff ms at
Tue Jan 12 14:29:39 CET 2021


I stumbled upon a strange behaviour of my switches. I want to configure
802.1x. In the first packet the Switch sends:

Debug: (7) Received Access-Request Id 81 from x.x.x.46:36296 to
x.x.x.154:1812 length 152
Debug: (7)   User-Name = "3464A9D11215"

The debug goes on:

Debug: (7) eap: Peer sent packet with method EAP Identity (1)
Debug: (7) eap: EAP session adding &reply:State = 0x45e56b9d45e46617
Debug: (7)     modsingle[authenticate]: returned from eap (rlm_eap)
Debug: (7)     [eap] = handled

The next request from the switch is:

Debug: (8) Received Access-Request Id 82 from x.x.x.46:36296 to
x.x.x.154:1812 length 167
Debug: (8)   User-Name = "host/test at xxx.xx"
Debug: (8)   State = 0x45e56b9d45e46617718e28efb749ef6f

and then the RADIUS server complains:

Debug: (8) eap: Previous EAP request found for state 0x45e56b9d45e46617,
released from the list
Debug: (8) eap: Identity does not match User-Name.  Authentication failed
Debug: (8) eap: Failed in handler

Can anyone explain what happens here? Does the switch change the
User-Name within the RADIUS / EAP session? Is this a bug of the switch?
Or does something other happen here?

Thanks for any hints.

Mit freundlichen Grüßen,


[*] sys4 AG, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Freeradius-Users mailing list