Customer want configuration the AD authentication via Agile controller, After user authenticate using AD users or local users, The user have IP from the right vlan and have log on the agile that the user authenticate successfully, but it take about two minutes then the Ethernet adapter present that the authentication failed and after about three minutes from that customer can’t reach anything in his network from that PC although the PC still have the right IP from its vlan.
Agile controller version is V100R003C30SPC102
Topology as follow:
ONU is access device and the dot1x authentication point.
Step 1 Suggest customer configuration windows DOT1X with follow production document
Step 2 Packets Capture in issue PC and Agile
Analysis the packets we found:
After PC authentication success, ONU device send the EAP-request packet every 15 second after 6 times PC didn’t feedback the request packets then authentication fail.
Unreasonable configuration in ONU device about dot1x keepalive it cause the ONU send the eap-request packets every 15 second.
Disable the dot1x keepalive in ONU device.