Terry Simons wrote:
What do you mean by "transparent" EAP support?
Sorry that I was a bit confusing, I mean transparancy in that it doesn't matter to the Authenticator what kind of EAP-type is used. It shouldn't matter to the AP/Switch if the client uses EAP-TTLS, EAP-TLS, EAP-SIM or any new EAP-invention.
Only the supplicant and the authentication server should care.
If you are saying that edge switches that know nothing about 802.1x, are passing 802.1x up to core switches for authentication, this goes against the IEEE 802.1x standard!
Yes, that's not what I meant :-) Sorry if that wasn't clear.
On wired ports, 802.1x compliant (supplicant) devices are supposed to use a multicast address to talk to their upstream switch for authentication. This multicast address is NOT supposed to be forwarded from a bridge to other devices. (What I would consider "transparent").
Would be a bad idea. But maybe it would be interesting if the layer 2 /could/ be tunneled including the EAPOL packets for e.g. home ADSL users or something.
As far as 802.1aa is concerned: I just downloaded the draft, I'm curious what new it brings...
Regards, Paul
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
