(RADIATOR) 802.1x and vlan assignment
Paul Dekkers
Paul.Dekkers at surfnet.nl
Thu Sep 18 04:18:55 CDT 2003
Terry,
Terry Simons wrote:
> What do you mean by "transparent" EAP support?
Sorry that I was a bit confusing, I mean transparancy in that it doesn't
matter to the Authenticator what kind of EAP-type is used. It shouldn't
matter to the AP/Switch if the client uses EAP-TTLS, EAP-TLS, EAP-SIM or
any new EAP-invention.
Only the supplicant and the authentication server should care.
> If you are saying that edge switches that know nothing about 802.1x,
> are passing 802.1x up to core switches for authentication, this goes
> against the IEEE 802.1x standard!
Yes, that's not what I meant :-)
Sorry if that wasn't clear.
> On wired ports, 802.1x compliant (supplicant) devices are supposed to
> use a multicast address to talk to their upstream switch for
> authentication. This multicast address is NOT supposed to be
> forwarded from a bridge to other devices. (What I would consider
> "transparent").
Would be a bad idea. But maybe it would be interesting if the layer 2
/could/ be tunneled including the EAPOL packets for e.g. home ADSL users
or something.
As far as 802.1aa is concerned: I just downloaded the draft, I'm curious
what new it brings...
Regards,
Paul
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list