https://community.cisco.com/t5/network-access-control/eapol-logoff-spoofing/m-p/321581#M433651 <P>Hi,</P><P></P><P>Microsoft 802.1x supplicants do not send a EAPOL logoff because Microsoft does not trust logoff packets. These packets can not be authenticated and can be easily spoofed. Microsoft states that a 802.1x authenticator should not respond to EAPOL logoff packets.</P><P></P><P>Does anyone known if Cisco switches (and access points) respond to the EAPOL logoff packets ?</P><P>And can we prevent spoofing these packets in a network with Cisco 802.1x switches ?</P><P></P><P></P><P>Kind Regards,</P><P></P><P> Gerard van Bon</P><P></P> Sun, 10 Mar 2019 20:47:04 GMT vanbon 2019-03-10T20:47:04Z https://community.cisco.com/t5/network-access-control/eapol-logoff-spoofing/m-p/321581#M433651 <P>Hi,</P><P></P><P>Microsoft 802.1x supplicants do not send a EAPOL logoff because Microsoft does not trust logoff packets. These packets can not be authenticated and can be easily spoofed. Microsoft states that a 802.1x authenticator should not respond to EAPOL logoff packets.</P><P></P><P>Does anyone known if Cisco switches (and access points) respond to the EAPOL logoff packets ?</P><P>And can we prevent spoofing these packets in a network with Cisco 802.1x switches ?</P><P></P><P></P><P>Kind Regards,</P><P></P><P> Gerard van Bon</P><P></P> Sun, 10 Mar 2019 20:47:04 GMT https://community.cisco.com/t5/network-access-control/eapol-logoff-spoofing/m-p/321581#M433651 vanbon 2019-03-10T20:47:04Z https://community.cisco.com/t5/network-access-control/eapol-logoff-spoofing/m-p/321582#M433652 <HTML><HEAD></HEAD><BODY><P>Cisco switches take action on EAPOL-Logoff frames as defined by 802.1x as the transmission of them is perfectly valid.</P><P></P><P>In wireless deployments, the failure to encrypt EAPOL may render it vulnerable to spoofing alone due the the inherent shared media type (which is why 802.1x is part of WPA and why 802.1x can use it to assume an association to any device on the media has already taken place).</P><P></P><P>In wired deployments this is not as much of a concern, since wire-tapping would then be the least common denominator (or attack vector).</P><P></P><P>So, it's dependent on the supplicant implementation.</P><P></P><P>Hope this helps.</P></BODY></HTML> Fri, 03 Sep 2004 17:57:51 GMT https://community.cisco.com/t5/network-access-control/eapol-logoff-spoofing/m-p/321582#M433652 jafrazie 2004-09-03T17:57:51Z https://community.cisco.com/t5/network-access-control/eapol-logoff-spoofing/m-p/321583#M433653 <HTML><HEAD></HEAD><BODY><P>Hi Jason,</P><P></P><P>Thanks for the reply. I forgot that in wireless the EAPOL logoff is encrypted (WEP). </P><P>And in a wired network I do not see it as a problem.</P><P></P><P>Regards, Gerard </P></BODY></HTML> Sat, 04 Sep 2004 06:35:02 GMT https://community.cisco.com/t5/network-access-control/eapol-logoff-spoofing/m-p/321583#M433653 vanbon 2004-09-04T06:35:02Z