The following are the minimum system requirements for EAP:
RADIUS server
Client software that supports EAP
You must specify the RADIUS server that supports EAP as the primary RADIUS server for the switch. You must configure your switch for VLANs and EAP security.
If you configure EAP on a port, the following limitations apply:
You cannot enable EAP on ports that belong to an MLT group.
You cannot add EAP-enabled ports to an MLT group.
You can configure a total of 32 MAC clients, EAP and NEAP hosts, on an EAP-enabled port. Two MAC clients per port is a typical configuration.
You cannot configure EAP on MLT/LACP interfaces.
You cannot add EAP-enabled ports to an MLT/LACP group.
You cannot enable VLACP on EAP-enabled ports.
Manual VLAN changes on an EAP-enabled port are restricted.
You cannot change the VLAN port tagging on EAP-enabled ports.
You cannot configure the default VLAN ID. Use the Guest VLAN configuration to access unauthenticated devices.
You cannot enable MACsec on EAP-enabled ports.
You cannot enable EAP on NNI interfaces.
You cannot egress mirror an EAP PDU.
Do not use EAP with a brouter port.
Ping to and from services between nodes over the NNI will work even when it contains only EAP-enabled ports with no authenticated clients on it.
MHSA and Fail Open VLAN are mutually exclusive.
Fail-Open I-SID is not supported in MHSA mode.
You cannot change the EAP operation mode on EAP-enabled ports.
You cannot configure private VLANs as Fail Open VLAN or Guest VLAN.
You cannot configure SPBM B-VLAN as Fail Open VLAN or Guest VLAN.
You cannot delete a VLAN if the VLAN is configured as Fail Open VLAN or Guest VLAN.