Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

802.1x

If I have a 802.1x client(supplicant) and 802.1x switch(authenticator) connected, what will happen if I put a non 802.1x switch in between the 802.1x client and switch? Will the supplicant be able to authenticate with the authentication server on the other side of the authenticator.

  • Other Security Subjects
2 REPLIES
Cisco Employee

Re: 802.1x

It will not work, nor should it. 802.1X as per the standard, uses a multicast MAC destination address to

communicate between client (supplicant) and switch (authenticator).

This multicast address is out of the BPDU range for 802.1D. The reason for this is so that the switch is aware that it must intercept the frame for processing as 802.1X, much like STP BPDUs. All 802.1D switches must not forward BPDU range frames transparently. So, what ends up happening is that this switch you've put inthe middle may not forward the 802.1X frame to the next switch up - nor should it.

New Member

Re: 802.1x

This is great thank you. Do you know a good document that explains this?

Thanks

161
Views
4
Helpful
2
Replies