On Mon, Oct 08, 2007 at 10:48:45PM -0700, Bernard Aboba wrote:
> >DHCP requests are broadcast, whereas EAPoL packets are not.
>
> EAPoL packets are sent to a non-forwardable multicast address in wired
> networks, and to a unicast address in IEEE 802.11.
>
> >The first issue is simply that 802.1x does not traverse a switch.
>
> Not so. Forwarding of IEEE 802.1X frames is a frequently implemented
> feature in switches. For example, this feature is routinely supported on
> low end switches and VOIP handsets with switch ports.

I'm wondering if it can work over wired networks where a non-forwardable multicast address is used as the destination MAC address of EAPoL frames. How can two Supplicants attached to such a switch run 802.1X where one Supplicant may receive EAPoL frames intended to be received by the other one?

Yoshihiro Ohba

>
> >A whole world of issues arise when you try to break that part of 802.1x by
> >having it traverse a switch as 802.1x is port authentication, not host
> >authentication
>
> Again, not true. IEEE 802.1X switches today routinely support MAC address
> state, not just port state. In fact, this feature is supported within the
> Cisco 65xx series switches.
>
> _______________________________________________
> Int-area mailing list
> [email protected]
> https://www1.ietf.org/mailman/listinfo/int-area
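The addressing point debated in this thread, as an added example that is not part of the original messages: a small parser that reports whether an EAPOL frame is sent to the 802.1X PAE group address (inside the reserved block an 802.1D-conformant bridge filters) or to a unicast address, and which field is left to tell Supplicants apart. It assumes untagged Ethernet II frames; the `classify` helper and the sample MAC addresses are constructed for illustration.

```python
import struct

EAPOL_ETHERTYPE = 0x888E                        # IEEE 802.1X EtherType
PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")  # 802.1X PAE group address
RESERVED_PREFIX = bytes.fromhex("0180c20000")   # 01-80-C2-00-00-00..0F block
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}


def classify(frame: bytes) -> dict:
    """Parse an untagged Ethernet II frame; report how an EAPOL frame is addressed."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != EAPOL_ETHERTYPE:
        return {"eapol": False}
    if len(frame) < 18:
        raise ValueError("truncated EAPOL header")
    version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    if len(frame) - 18 < body_len:
        raise ValueError("EAPOL body shorter than its length field")
    if dst == PAE_GROUP_ADDR:
        scope = "pae-group"
    elif dst[0] & 0x01:          # I/G bit set: some other group address
        scope = "other-group"
    else:
        scope = "unicast"
    return {
        "eapol": True,
        "type": EAPOL_TYPES.get(ptype, f"unknown({ptype})"),
        "version": version,
        "scope": scope,
        # Reserved block that an 802.1D-conformant bridge filters, never relays.
        "bridge_filtered": dst[:5] == RESERVED_PREFIX and dst[5] <= 0x0F,
        # A group-addressed frame names no peer, so a receiver (or a switch
        # keeping per-MAC state) can only key on the source address.
        "demux_key": src.hex(":"),
    }


# Constructed sample frames; the 02:... MAC addresses are made up.
SUPPLICANT = bytes.fromhex("020000000001")
AP = bytes.fromhex("020000000002")
WIRED_START = PAE_GROUP_ADDR + SUPPLICANT + bytes.fromhex("888e01010000")
WLAN_EAP_REQ = SUPPLICANT + AP + bytes.fromhex("888e01000005") + bytes.fromhex("0101000501")

if __name__ == "__main__":
    for name, frame in (("wired", WIRED_START), ("802.11", WLAN_EAP_REQ)):
        print(name, classify(frame))
```
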
