If I have a 802.1x client(supplicant) and 802.1x switch(authenticator) connected, what will happen if I put a non 802.1x switch in between the 802.1x client and switch? Will the supplicant be able to authenticate with the authentication server on the other side of the authenticator.
It will not work, nor should it. 802.1X as per the standard, uses a multicast MAC destination address to
communicate between client (supplicant) and switch (authenticator).
This multicast address is out of the BPDU range for 802.1D. The reason for this is so that the switch is aware that it must intercept the frame for processing as 802.1X, much like STP BPDUs. All 802.1D switches must not forward BPDU range frames transparently. So, what ends up happening is that this switch you've put inthe middle may not forward the 802.1X frame to the next switch up - nor should it.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...