The present invention relates to the field of communications. Disclosed are an 802.1X access session keepalive method, device, and system. The method comprises: during network access of a 802.1X client, an authenticating node used for access authentication sending, to the 802.1X client according to an actual keepalive period of the authenticating node, a keepalive request message used for determining whether the 802.1X client is off-net abnormally; and during a preset duration of the authenticating node, if the authenticating node does not receive a keepalive response message from the 802.1X client in response to the keepalive request message, the authenticating node determining that the 802.1X client is off-net abnormally; otherwise, determining that the 802.1X client is on-net normally. The embodiments of the present invention improve network resource utilization, reduce the security problem caused by too heavy load of the authenticating node, and lower the risk of errors in charging on time.