The EAP packet in 802.1X authentication is a bridge protocol data
unit (BPDU). By default, Huawei switches do not perform Layer 2 forwarding
for BPDUs. If a Layer switch still exists between the 802.1X-enabled
device and a user, Layer 2 transparent transmission must be configured
on the switch. Otherwise, the EAP packet sent by the user cannot reach
the authentication device and the user cannot pass authentication.
To configure Layer 2 transparent transmission of 802.1X authentication
packets, perform the following operations:
- Run the l2protocol-tunnel user-defined-protocol dot1x
protocol-mac 0180-c200-0003 group-mac 0100-0000-0002 command in
the global view of the Layer 2 switch.
- Run the l2protocol-tunnel user-defined-protocol dot1x
enable and bpdu enable commands on the interface connecting the Layer 2 switch to
the uplink network and all downlink interfaces connected to users.