Dot1x and server-fail-vlan-id

Hello,
I get unexpected behavior with Dot1x + server-fail-vlan-id on a wired network. My setup is as follows:

  • FreeRADIUS server is down
  • authenticator is CRS326, RouterOS v7.13
  • only dot1x Auth type is enabled (no MAC auth)
  • supplicant is Windows 10, IEEE802.1X enabled, Fallback to unauthorized network access is enabled

After RADIUS timeouts I expect the port to be moved to server-fail-vlan-id and EAPOL to stop until RADIUS is back online. What actually happens is that after the supplicant is correctly moved to server-fail-vlan-id, the EAP process is still running and causes the port to flap.


Logs - the green part is OK, what comes after is not; the supplicant loses connectivity. This keeps repeating.
[Screenshot of log: 20231218_11-23-14.png]

/interface bridge
add frame-types=admit-only-vlan-tagged name=bridge_switch port-cost-mode=short vlan-filtering=yes

/interface bridge port
add bridge=bridge_switch edge=yes frame-types=admit-only-untagged-and-priority-tagged interface=ether3

/interface dot1x server
add accounting=no interface=ether3 server-fail-vlan-id=4

Any ideas? Thank you.