Clarification of IEEE stanza

Jouni Malinen j at w1.fi
Wed Feb 25 13:40:04 EST 2009


On Wed, Feb 25, 2009 at 09:03:31AM +0100, Jouke Witteveen wrote:

> IEEE 802.1X states the following:
> ---quoting section 7.8 ------
> In MACs where the LAN technology concerned is such that the individual
> MAC address of the Supplicant is known to the Authenticator, and vice
> versa, all EAPOL frames transmitted by a PAE shall carry the
> individual MAC address associated with the destination PAE’s point of
> LAN attachment as the destination MAC address. Otherwise, all EAPOL
> frames transmitted by a PAE shall carry the PAE group address as the
> destination MAC address even if the individual MAC address of the
> destination PAE is later discovered.
> ---end quote------
> Does this, or does this not mean wired authentication (for example by
> an ISP) should use the PAE group address?

It depends on what exactly you mean with "wired". One example of a
commonly used wired network is IEEE 802.3 in which the MAC address of
the other end is not known initially, i.e., in which PAE group address
would be used. IEEE 802.11 (while not wired) is a good example of a MAC
where the address is known (due to association mechanism). I would
expect that there are also wired networks in which the MAC address could
be known due to some kind of negotiation taking place prior to the start
of IEEE 802.1X, but I do not have a good example of that. Anyway, in
such a wired connection, the individual MAC address would indeed be used
instead of the PAE group address.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list