I'm wondering if it can work over wired networks where a non-forwardable multicast address is used as the destination MAC address of EAPoL frames.
IEEE 802.11i supports 802.1X pre-authentication, in which another Ethertype is used, and 802.1X frames are sent to a unicast destination, forwarded by as many switches as necessary.
Scenarios involving forwarding of multicast frames are typically limited to situations in which the switch terminating IEEE 802.1X is one hop away, and the forwarding switch acts as a TPMR for 802.1X traffic. For example, a wired VOIP phone might have a switch port, but does not act as a RADIUS client, so it forwards 802.1X traffic to a switch at the wall-port.
How two Supplicants attached to such a switch can run 802.1X where one Supplicant may receive EAPoL frames intended to be received by the other one?
Typically the 802.1X forwarder will not send the 802.1X frames to all ports, just to the switch one hop deeper in the network. That way other supplicants should not get confused.
_______________________________________________ Int-area mailing list [email protected] https://www1.ietf.org/mailman/listinfo/int-area
