Hi,
I have been attempting to use ead to do wired 802.1x authentication and I am having problems
with an HP V1910-48G switch (admittedly an old switch).
The problem I see is that the switch never responds to the EAPOL packets sent by ead.
Investigating I saw that the protocol version in the EAPOL packets sent by ead is set to
802.1X-2004 (2) but in the unsolicited packets the switch sends it is set to 802.1X-2001
(1).
I am new to 802.1X but I went through the specs and as I understand the switch should
respond even if it receives an EAPOL version higher than what it uses, but this switch
does not.
Looking through the ead sources I think the new 802.1X-2004 features are not used, so I
went ahead and changed ead to send 802.1X-2001 (1) in its packets, and voilà it now
works!
Is there any reason that the packets sent by ead use version 802.1X-2004? If not I can
send a patch to change it to always use 802.1X-2001. I suspect it is safer to use the
older version of the standard, as switches implementing 802.1X-2004 surely work with
802.1X-2001.
Also, I see ead does not manipulate the link state and mode of the interface, I would have
expected it to put the interface into dormant mode and the link state changed between up
and dormant depending on the authenticated state (like iwd does for WLAN links). Is there
any reason for this? I guess one could be the support of guest or auth-fail VLANs in some
switches.
Best,
Diego
--
Diego Santa Cruz, PhD
Technology Architect
spinetix.com
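
Added example, not part of the original message and not ead code: a minimal C sketch of the EAPOL header fields discussed above, which reads the protocol version from a received frame and builds an EAPOL-Start with a chosen version. All function names and the sample frame are constructed for illustration, and `eapol_pick_version` is a hypothetical policy (send no higher a version than the authenticator has used), not ead's behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct eapol_info {
    uint8_t version;    /* 1 = 802.1X-2001, 2 = 802.1X-2004 */
    uint8_t type;       /* 0 = EAP-Packet, 1 = Start, 2 = Logoff, 3 = Key */
    uint16_t body_len;  /* length of the packet body, big-endian on the wire */
};

/* PAE group address used as destination for wired 802.1X */
static const uint8_t pae_group[6] = { 0x01, 0x80, 0xC2, 0x00, 0x00, 0x03 };

/* Parse an untagged Ethernet frame; 0 on success, -1 if it is not valid EAPOL. */
int eapol_parse(const uint8_t *f, size_t len, struct eapol_info *out)
{
    if (len < 18 || ((f[12] << 8) | f[13]) != 0x888E) /* EAPOL EtherType */
        return -1;
    out->version = f[14];
    out->type = f[15];
    out->body_len = (uint16_t)((f[16] << 8) | f[17]);
    /* The body must fit in the frame; trailing Ethernet padding is allowed. */
    return (size_t)out->body_len + 18 <= len ? 0 : -1;
}

/* Hypothetical policy: never exceed the version seen from the peer (0 = none seen). */
uint8_t eapol_pick_version(uint8_t peer_seen, uint8_t own_max)
{
    return (peer_seen != 0 && peer_seen < own_max) ? peer_seen : own_max;
}

/* Build an EAPOL-Start (empty body); returns frame length, or 0 if buf is too small. */
size_t eapol_build_start(uint8_t *buf, size_t cap, const uint8_t src[6], uint8_t version)
{
    if (cap < 18)
        return 0;
    memcpy(buf, pae_group, 6);
    memcpy(buf + 6, src, 6);
    buf[12] = 0x88; buf[13] = 0x8E;
    buf[14] = version; buf[15] = 1;   /* type 1 = EAPOL-Start */
    buf[16] = 0; buf[17] = 0;         /* body length 0 */
    return 18;
}

/* Constructed sample: unsolicited EAP-Request/Identity from a switch using version 1. */
const uint8_t sample_switch_frame[] = {
    0x01, 0x80, 0xC2, 0x00, 0x00, 0x03,  0x02, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x88, 0x8E,  0x01, 0x00, 0x00, 0x05,        /* version 1, EAP-Packet, len 5 */
    0x01, 0x01, 0x00, 0x05, 0x01                /* EAP Request, id 1, Identity */
};
```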