A packet capture shows that the terminal sends a client hello message to the authentication server after the packet is terminated. It is not clear from the capture why the server rejects the terminal after the client hello message is sent, so I checked the server-side log for the cause of the failure and found the problem. The server received two identical EAP No. 1 messages at the same time, and it received EAP No. 2 messages at two times. When the server receives two identical messages at the same time, it treats the message as abnormal and replies with a reject.

When a server receives two copies of the same message at the same time, mirroring may be configured on a device. Checking layer by layer showed that a mirroring group was configured on the switch connected to the authentication server. This mirroring group caused each authentication message sent by the device to arrive at the server twice, which the server considers abnormal, so the authentication was rejected.

After the mirroring group was deleted, 802.1x authentication worked normally.
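
The check described above can be automated when reviewing server-side records. The following is an added example, not part of the original write-up: it flags byte-identical messages from one sender that arrive almost simultaneously, the pattern a mirroring group produces. The record layout, the addresses, the message contents and the 1 ms window are all assumptions made for illustration.

```python
import hashlib

# Constructed sample records (not from the page): arrival time in seconds,
# sender address, message number, raw message bytes as seen at the server.
SAMPLE = [
    (10.000000, "192.0.2.10", 1, b"eap-msg-1"),
    (10.000040, "192.0.2.10", 1, b"eap-msg-1"),  # identical copy, same instant
    (10.020000, "192.0.2.10", 2, b"eap-msg-2"),
    (10.020050, "192.0.2.10", 2, b"eap-msg-2"),  # identical copy, same instant
    (10.050000, "192.0.2.10", 3, b"eap-msg-3"),
    (13.050000, "192.0.2.10", 3, b"eap-msg-3"),  # seconds later: not simultaneous
]


def find_simultaneous_duplicates(records, window=0.001):
    """Return (sender, msg_no, first_arrival, gap_seconds) for each message
    that is byte-identical to an earlier one from the same sender and
    arrives within `window` seconds of it."""
    last_seen = {}  # (sender, payload digest) -> most recent arrival time
    hits = []
    for ts, sender, msg_no, payload in sorted(records, key=lambda r: r[0]):
        key = (sender, hashlib.sha256(payload).hexdigest())
        prev = last_seen.get(key)
        # A copy made by a mirror port arrives within microseconds of the
        # original; a copy seen seconds later falls outside the window.
        if prev is not None and ts - prev <= window:
            hits.append((sender, msg_no, prev, round(ts - prev, 6)))
        last_seen[key] = ts
    return hits


if __name__ == "__main__":
    for sender, msg_no, first, gap in find_simultaneous_duplicates(SAMPLE):
        print(f"{sender} message {msg_no}: identical copy "
              f"{gap * 1e6:.0f} us after {first:.6f}")
```

If every message from the access device shows up as a flagged pair, check the switches between the device and the authentication server for a mirroring group whose destination is the server port.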