Clarification of IEEE stanza

Jouke Witteveen j.witteveen at gmail.com
Wed Feb 25 03:03:31 EST 2009


Dear all,

I've been getting some feedback on the RoboSwitch driver (please keep
it coming). It happens that people cannot authenticate because the
authenticator switches to using the cient's MAC, instead of the PAE
group address.
IEEE 802.1X states the following:
---quoting section 7.8 ------
In MACs where the LAN technology concerned is such that the individual
MAC address of the Supplicant is known to the Authenticator, and vice
versa, all EAPOL frames transmitted by a PAE shall carry the
individual MAC address associated with the destination PAE’s point of
LAN attachment as the destination MAC address. Otherwise, all EAPOL
frames transmitted by a PAE shall carry the PAE group address as the
destination MAC address even if the individual MAC address of the
destination PAE is later discovered.
---end quote------
Does this, or does this not mean wired authentication (for example by
an ISP) should use the PAE group address?

Regards,
Jouke Witteveen


More information about the HostAP mailing list