The following are the minimum system requirements for EAP:
RADIUS server
Client software that supports EAP
You must specify the RADIUS server that supports EAP as the primary RADIUS server for the switch. You must configure your switch for VLANs and EAP security.
If you configure EAP on a port, the following limitations apply:
You cannot enable EAP on ports that belong to an MLT group or add EAP-enabled ports to an MLT group.
You cannot configure EAP on MLT/LACP interfaces or add EAP-enabled ports to an LACP group.
You cannot enable the following features on EAP-enabled ports:
MACsec
VLACP
Manual VLAN changes on a EAP enabled port is restricted.
You cannot change the VLAN port tagging on EAP enabled ports.
You cannot configure the default VLAN ID. Use the Guest VLAN configuration to access unauthenticated devices.
You can configure a total of 32 MAC clients, EAP and NEAP hosts, on an EAP-enabled port. Two MAC clients per port is a typical configuration.
You cannot enable EAP on a network-to-network interface (NNI).
You cannot egress mirror an EAP PDU.
Do not use EAP with a brouter port.
Ping to and from services between nodes over the NNI will work even when it contains only EAP enabled ports with no authenticated clients on it.
MHSA and Fail Open VLAN are mutually exclusive.
Fail-Open I-SID is not supported in MHSA mode.
You cannot change the EAP operation mode on EAP enabled ports.
You cannot configure private VLANs or SPBM B-VLAN as Fail Open VLAN or Guest VLAN.
You cannot delete a VLAN if the VLAN is configured as Fail Open VLAN or Guest VLAN.