Case Study: 802.1X Authentication Fails Because a STA Cannot Identify EAP Packets Whose Payload Length Exceeds 1000 Bytes
Symptom
802.1X authentication is configured on an AC. Some STAs fail 802.1X authentication.
Relevant Alarms and Logs
None
Cause Analysis
The EAP packets are too large, and some STAs cannot identify them.
Procedure
- Reproduce the fault and use the trace and station-trace functions to check the authentication packet exchange process.
[AC] trace object mac-address sta-mac
[AC] trace enable
[AC-diagnose] station-trace sta-mac sta-mac
The trace information shows that the STA does not respond to the Request Challenge packet.
Send EAP_request packet to user successfully.(Index=117)
Eapol send request/challenge packet to user successfully.enter request status.(local index:117)
No response of request challenge from user.
The station trace information shows that the packet payload is 1100, and the packet fails to be sent.
receive eap pkt to sta from CAPWAP(9),[type(0)=EAP pkt, src mac=1c:20:db:xx:xx:xx, ln=1122]
EAPOL packet payload[1100] Recved from software switch
EAPOL packet payload[1100] elapsed[0 ms] Sending pkt to target(Single)
EAPOL packet payload[1100] elapsed[70 ms] Fail to send pkt to air with status[2]
Compare the EAP packets of a normal STA with those of an abnormal STA. The packet payload is 1100 in the abnormal STA's EAP packet exchange and 1000 in the normal STA's EAP packet exchange. This indicates that the STA cannot identify the packets whose payload exceeds 1100. In this case, you need to modify the EAP packet payload size.
- Change the payload of the EAP packet to 1000. Then, the problem is solved.
You can change the payload in either of the following ways:
- Set the value of Framed-Mtu to a value smaller than 1000 on the RADIUS server.
- In the RADIUS server template, reduce the value of the Framed-Mtu attribute in the authentication request packet sent by the device to the RADIUS server. The default value of Framed-Mtu is 1500. You are advised to set it to 1000.
Some third-party RADIUS servers do not support this attribute. In this case, use the first method to adjust the attribute.
[AC] radius-server template radius_test
[AC-radius-radius_test] radius-server attribute translate
[AC-radius-radius_test] radius-attribute set Framed-Mtu 1000
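
The normal/abnormal STA comparison from the first step can be scripted. This Python example is added here and is not part of the original case study or any vendor tool; the function names are hypothetical, the sample traces are constructed from the station-trace lines quoted above, and a frame with no "Fail to send" line is assumed to have been delivered.

```python
import re

RECV = re.compile(r"receive eap pkt to sta .*ln=(\d+)\]")
STEP = re.compile(r"EAPOL packet payload\[(\d+)\](.*)")
FAIL = re.compile(r"Fail to send pkt to air with status\[(\d+)\]")

# Constructed samples: ABNORMAL repeats the trace quoted in the case study,
# NORMAL is the same exchange with payload 1000 and no failure line.
ABNORMAL = """\
receive eap pkt to sta from CAPWAP(9),[type(0)=EAP pkt, src mac=1c:20:db:xx:xx:xx, ln=1122]
EAPOL packet payload[1100] Recved from software switch
EAPOL packet payload[1100] elapsed[0 ms] Sending pkt to target(Single)
EAPOL packet payload[1100] elapsed[70 ms] Fail to send pkt to air with status[2]
"""
NORMAL = """\
receive eap pkt to sta from CAPWAP(9),[type(0)=EAP pkt, src mac=1c:20:db:xx:xx:xx, ln=1022]
EAPOL packet payload[1000] Recved from software switch
EAPOL packet payload[1000] elapsed[0 ms] Sending pkt to target(Single)
"""

def parse_trace(text):
    """Group station-trace lines into one record per EAP frame sent towards the STA."""
    frames = []
    for line in text.splitlines():
        m = RECV.search(line)
        if m:  # a new frame arrives from the CAPWAP tunnel
            frames.append({"ln": int(m.group(1)), "payload": None, "fail_status": None})
            continue
        m = STEP.search(line)
        if m and frames:  # processing step for the most recent frame
            frames[-1]["payload"] = int(m.group(1))
            failed = FAIL.search(m.group(2))
            if failed:
                frames[-1]["fail_status"] = int(failed.group(1))
    return frames

def size_boundary(abnormal, normal):
    """Return (smallest payload that failed, largest payload delivered)."""
    bad = [f["payload"] for f in parse_trace(abnormal) if f["fail_status"] is not None]
    good = [f["payload"] for f in parse_trace(normal)
            if f["payload"] is not None and f["fail_status"] is None]
    return (min(bad) if bad else None, max(good) if good else None)

if __name__ == "__main__":
    smallest_failed, largest_ok = size_boundary(ABNORMAL, NORMAL)
    print(f"smallest failed payload: {smallest_failed}, largest delivered: {largest_ok}")
    print(f"keep Framed-Mtu at or below {largest_ok}")
```

The largest delivered payload is the upper bound to use when lowering Framed-Mtu with either method above.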