Using the eap packet-id minus command, you can change the ID of the EAP authentication packet of the authentication server during the IKEv2 IPSec tunnel establishment.
The undo eap packet-id minus command cancels the preceding configuration.
By default, the ID of the EAP authentication packet is not changed.
| Parameter | Description | Value |
|---|---|---|
| number | The number subtracted from packet-id. | The value is an integer ranging from 1 to 255. |
The IKEv2 protocol supports the EAP authentication. During the IPSec tunnel establishment in IKEv2 mode, if the peer device and the authentication server comply with different standards (for example, the peer device complies with the 3GPP standard, but the authentication server complies with the FRC standard), the ID of the EAP authentication packet sent by the authentication server to the peer device may be different from the ID of the EAP authentication packet sent by the peer device. This ID inconsistency causes an EAP authentication failure. If this failure occurs, you need to run this command to subtract a number from the ID of the EAP authentication packet on the AAA server to allow the successful authentication and tunnel establishment.
Under normal circumstances, if the devices on the two ends use the same products, do not run this command; otherwise, the tunnel cannot be established.