Solved: EAP process for wireless and wired network

sqambera · ‎03-20-2016

Hello,

I am confused with the process of EAP when I compare it between wired and wireless. As much as I understand in order for EAP to work in case of wired 802.1x authentication, the client has to have an IP address on it in advance. In other words EAP process can't start without the IP address on the wired client. For the same reason probably we allow DHCP traffic to pass in low impact mode.

But when it comes to wireless it looks like EAP process can work without an IP address being required on the wireless client. Is my understanding correct? If yes, how can EAP process progress without an IP address on the client because there could be a scenario that RADIUS/ISE server might be available to client over a layer 3 network for 802.1x authentication.

Thanks in advance for clarifying this confusion. Also I'd appreciate any link to a good document covering this concept.

Regards,

Qamber

Peter Koltl · ‎03-26-2016

EAPOL traffic between switch and host is not over IP and flows even before DHCP.

View solution in original post

Peter Koltl · ‎03-26-2016

EAPOL traffic between switch and host is not over IP and flows even before DHCP.

sqambera · ‎03-29-2016

Many thanks Peter for helping to clarify concept.

EAP process for wireless and wired network

3.3 MAC Authentication Bypass for Wired and Wireless Access

Network Services Orchestrator (NSO) - How To

Cisco Wireless - How To

Wired& Wireless! 802.1x个跟AAA区别

EAP-TEAPによるEAP chaining