Packet drops in Wired 802.1x using TP-Link Switch

a week ago
Model: TL-SG3428XPP-M2  
Hardware Version: V1
Firmware Version: 1.20

Hello, 

We are trying to implement 802.1x on wired LAN. 
We have Windows NPS server and TP-Link Switch. The authentication method is EAP-TLS. 
It is working fine on wireless; the APs are managed by OC-300, but we haven't adopted the TP-Link switch in OC-300. 

The authentication happens. 
I am receiving EAP-Success from Switch to Windows PC and Access-Accept from my Windows NPS server to Switch. 
But after every 20-25 packets we are getting packet drops, and we can see in the packet capture that we are receiving EAP-Failure from the switch to the client and the switch is sending Access-Request to the NPS server. 
Why is the switch reauthenticating the client again? Is there any way to solve this? 

Interface configuration:
interface two-gigabitEthernet 1/0/1
  switchport general allowed vlan 63 untagged
  switchport pvid 63
  dot1x
  dot1x port-method port-based
  storm-control broadcast 64
  storm-control multicast 64

Global Config:
dot1x system-auth-control
dot1x vlan-assignment
#
radius-server host X.X.X.X auth-port 1812 acct-port 1813 timeout 5 retransmit 2 nas-id "40AE30139E2E" key 7 3a3abcf56ae769005b17dd0986c38211
aaa group radius XXXX
  server X.X.X.X
#
aaa authentication dot1x default XXXX
aaa accounting dot1x default XXXX
 

Re:Packet drops in Wired 802.1x using TP-Link Switch
a week ago

Hi @KKZ 

Thanks for posting in our business forum.

KKZ wrote

Hello, 

We are trying to implement 802.1x on wired LAN. 
We have Windows NPS server and TP-Link Switch. The authentication method is EAP-TLS. 
It is working fine on wireless; the APs are managed by OC-300, but we haven't adopted the TP-Link switch in OC-300. 

The authentication happens. 
I am receiving EAP-Success from Switch to Windows PC and Access-Accept from my Windows NPS server to Switch. 
But after every 20-25 packets we are getting packet drops, and we can see in the packet capture that we are receiving EAP-Failure from the switch to the client and the switch is sending Access-Request to the NPS server. 
Why is the switch reauthenticating the client again? Is there any way to solve this? 

 

How do you identify that it is the switch sending the Access-Request instead of the client, and then conclude that it is the switch that drops the packets and causes a reauthentication? Does any evidence or information indicate this?

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Re:Packet drops in Wired 802.1x using TP-Link Switch
a week ago

  @Clive_A 





On checking the captures in Wireshark, I can see that after Success we get Failure, then the whole EAP process takes place again, and again Success and then Failure.
We are also getting Access-Accept from the RADIUS server, but then the switch sends an Access-Request for the same client.

Re:Packet drops in Wired 802.1x using TP-Link Switch
a week ago - last edited a week ago

Hi @KKZ 

Thanks for posting in our business forum.

KKZ wrote

  @Clive_A 




On checking the captures in Wireshark, I can see that after Success we get Failure, then the whole EAP process takes place again, and again Success and then Failure.
We are also getting Access-Accept from the RADIUS server, but then the switch sends an Access-Request for the same client.

The whole diagram of your network. These IPs are internal IPs, there is no need to mosaic them.

Try to get a bigger picture of the whole interaction/conversation. MAC addresses should be mosaiced.

 

Have you double-checked if your settings are correct?

And to your description, you mean that it repeats success > failure > reinitiate > success > failure and it enters such a loop?

Re:Packet drops in Wired 802.1x using TP-Link Switch
a week ago

  @Clive_A 

Hello, 

Yes, the process repeats itself and the authentication process starts again.
I want to know whether the switch is starting the authentication process again or the client?

Re:Packet drops in Wired 802.1x using TP-Link Switch
a week ago

Hi @KKZ 

Thanks for posting in our business forum.

KKZ wrote

  @Clive_A 

Hello, 

Yes, the process repeats itself and the authentication process starts again.
I want to know whether the switch is starting the authentication process again or the client?

You need to monitor this behavior in Wireshark. I don't know.

 

If it enters this loop, you can use the Wireshark filter to find out more granular details about it.

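The question left open in this thread, whether the switch or the client restarts authentication, can be read from the EAPOL frames themselves: only a supplicant sends EAPOL-Start or EAPOL-Logoff, and only an authenticator sends EAP-Request or EAP-Failure. The following is an added example, not part of any post above; it reports who sent the first EAPOL frame after each EAP-Success. The MAC addresses, timestamps and frames are constructed sample data, and the function names are illustrative.

```python
import struct

EAPOL = 0x888E                                  # EtherType for 802.1X (EAPOL)
PAE_GROUP = bytes.fromhex("0180c2000003")       # 802.1X PAE group address
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def eap(code, ident, eap_type=None):
    """Build a minimal EAP packet (constructed sample data)."""
    body = b"" if eap_type is None else bytes([eap_type])
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def frame(src, eapol_type, payload=b""):
    """Wrap an EAPOL body in an Ethernet header (constructed sample data)."""
    return (PAE_GROUP + bytes.fromhex(src) + struct.pack("!H", EAPOL)
            + struct.pack("!BBH", 2, eapol_type, len(payload)) + payload)

def classify(raw):
    """Return (sender_role, event) for an EAPOL frame, else None."""
    if len(raw) < 18 or struct.unpack("!H", raw[12:14])[0] != EAPOL:
        return None
    _version, ptype, length = struct.unpack("!BBH", raw[14:18])
    if ptype in (1, 2):                         # only a supplicant sends these
        return ("supplicant", "EAPOL-Start" if ptype == 1 else "EAPOL-Logoff")
    body = raw[18:18 + length]
    if ptype != 0 or len(body) < 4 or body[0] not in EAP_CODES:
        return None
    name = "EAP-" + EAP_CODES[body[0]]
    if body[0] in (1, 2) and len(body) > 4 and body[4] == 1:
        name += "/Identity"
    return ("supplicant" if body[0] == 2 else "authenticator", name)

def find_restarts(capture):
    """After each EAP-Success: (seconds later, sender, event) of the next EAPOL frame."""
    restarts, success_at = [], None
    for ts, raw in capture:
        event = classify(raw)
        if event and event[1] == "EAP-Success":
            success_at = ts
        elif event and success_at is not None:
            restarts.append((round(ts - success_at, 3), *event))
            success_at = None
    return restarts

PC, SW = "020000000001", "020000000002"         # constructed MAC addresses
CAPTURE = [                                     # constructed (time, frame) pairs
    (0.00, frame(PC, 1)), (0.01, frame(SW, 0, eap(1, 1, 1))),
    (0.02, frame(PC, 0, eap(2, 1, 1))), (0.30, frame(SW, 0, eap(3, 2))),
    (4.80, frame(SW, 0, eap(4, 3))), (4.81, frame(SW, 0, eap(1, 4, 1))),
    (4.82, frame(PC, 0, eap(2, 4, 1))), (5.10, frame(SW, 0, eap(3, 5))),
    (9.00, frame(PC, 1))]
```

In Wireshark the same split is the display filter `eapol.type == 1` (EAPOL-Start, sent by the client) versus `eap.code == 4` (EAP-Failure, sent by the switch).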