Differences between EAPOL v1 and EAPOL v2?

[Jouni Malinen]

On Thu, Feb 28, 2008 at 09:37:59PM +0000, Queisser, Andrew (core, context, who knows?) wrote:

> We're running into some incompatibilies between clients that expect EAPOL v1 and APs that run EAPOL v2.

Unfortunately, some clients have incorrect implementation for IEEE
802.1X/EAPOL version negotiation and they refuse to work with EAPOL v2
even though the connection would work fine if they just allowed it to
continue..

> I took a look at the applicable IEEE specs from 2001 and 2004 but I have a hard time distilling the differences between the two versions. How big are the differences between the two versions for clients running WPA-PSK? Would it be safe for those clients to bypass the hardcoded check for EAPOL v1 and connect to APs running v2?

I don't remember whether there actually is any externally noticeable
difference apart from the version number in the EAPOL header. As far as
WPA-PSK, I don't think there are any real differences.

The way IEEE 802.1X version negotiation is supposed to work is that v1
supplicants can act in the exact same way with both v1 and v2
authenticators, so yes, it would be safe to just bypass that incorrect
check for the version field. Version 1 clients should do this with any
EAPOL version and expect the other end to take care of any backwards
compatibility operations, if needed.

-- 
Jouni Malinen                                            PGP id EFC895FA