05-29-2019 06:47 PM - edited 07-05-2021 10:29 AM
Hello,
We have a WPA Enterprise network on our site. We use CISCO WLC 5670 and ISE.
We are using PEAP for authentication.
The issue here is that, in our system, EAPOL version 3 is being used, while we also need to work with devices that only support EAPOL v2.
Is there any way to allow backward compatibility, so that our system can support EAPOL v2 also?
Thank you very much.
05-30-2019 10:25 AM
You should be able to get it resolved by enabling support for the required EAP protocols (PEAP, EAP-TLS, EAP-FAST, or any other that the client supports) on ISE under Policy -> Policy Elements -> Results -> Allowed Protocols.
HTH
Rasika
*** Pls rate all useful responses ****
06-04-2019 05:33 AM
Hi @cong_binh
What exactly is EAPOL v3? Do you have a good reference link for the difference between v2 and v3?
regards
06-04-2019 09:38 AM - edited 06-04-2019 09:40 AM
Hi Arne,
The IEEE 802.1X-2010 standard is the one to refer to. If an implementation complies with that standard, the version number is 3.
11.3.1 Protocol Version
This one octet field represents an unsigned binary number identifying the EAPOL protocol version supported by the transmitter. An implementation conforming to this specification shall use the value 0x03.

11.5 EAPOL protocol version handling
To ensure that backward compatibility is maintained between versions of this protocol, a version A protocol implementation shall interpret a received EAPOL PDU with protocol version number B as follows:
a) Where B is greater than or equal to A, the EAPOL PDU shall be interpreted as if it carried the supported version number, A, as follows:
   1) All parameters that are defined in version A shall be interpreted in the manner specified for version A of the protocol.
   2) All parameters not defined in version A for the given EAPOL Packet Type shall be ignored.
   3) All octets that appear in the EAPOL PDU beyond the largest numbered octet defined for version A for the received EAPOL Packet Type shall be ignored.
NOTE 1—As a consequence of these rules, a version 1 implementation ignores the version number. The rules allow future specification of protocol extensions, identified as new versions. Subsequent versions can be required to check the version number in order to correctly interpret the received PDU.
b) Where B is less than A, the EAPOL PDU shall be interpreted as specified for the version number, B, as follows:
   1) All parameters shall be interpreted in the manner specified for version B of the protocol.
   2) All parameters not defined in version B for the given EAPOL Packet Type shall be ignored.
   3) All octets that appear in the EAPOL PDU beyond the largest numbered octet defined for version B for the received EAPOL Packet Type shall be ignored.
HTH
Rasika
*** Pls rate all useful responses ***
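Added example, not part of the original thread and not Cisco or IEEE code: a minimal Python parser that applies the clause 11.5 rule quoted above, so you can see which version's rules a receiver uses for a given frame. The function name, the sample frames, and the simplification that "octets beyond the largest numbered octet defined" means everything past the declared Packet Body Length are assumptions of this sketch.

```python
import struct
from typing import NamedTuple

# EAPOL header: Protocol Version (1), Packet Type (1), Packet Body Length (2, big-endian)
HEADER = struct.Struct("!BBH")


class EapolPdu(NamedTuple):
    received_version: int   # B: version octet seen on the wire
    effective_version: int  # version whose rules the receiver applies
    packet_type: int
    body: bytes
    ignored_octets: int     # trailing octets dropped (e.g. Ethernet padding)


def interpret_eapol(pdu: bytes, local_version: int) -> EapolPdu:
    """Parse an EAPOL PDU the way a version-`local_version` (A) receiver would.

    Hypothetical helper written for this example.
    """
    if len(pdu) < HEADER.size:
        raise ValueError("truncated EAPOL header")
    received_version, packet_type, body_len = HEADER.unpack_from(pdu)
    end = HEADER.size + body_len
    if len(pdu) < end:
        raise ValueError("PDU shorter than its Packet Body Length")
    # 11.5 a) B >= A: interpret as version A.
    # 11.5 b) B <  A: interpret as version B.
    if received_version >= local_version:
        effective = local_version
    else:
        effective = received_version
    # Simplification (assumption): octets past the declared body are the
    # ones "beyond the largest numbered octet defined" and are ignored.
    return EapolPdu(received_version, effective, packet_type,
                    pdu[HEADER.size:end], len(pdu) - end)


# Constructed sample PDUs (payload after EtherType 0x888E), not captured traffic.
# v2 supplicant sends EAPOL-Start (type 1, empty body) followed by frame padding.
V2_START_PADDED = bytes([0x02, 0x01, 0x00, 0x00]) + bytes(42)
# v3 authenticator sends EAP-Packet (type 0) carrying an EAP Request/Identity.
V3_EAP_REQUEST_ID = bytes([0x03, 0x00, 0x00, 0x05, 0x01, 0x01, 0x00, 0x05, 0x01])

if __name__ == "__main__":
    print(interpret_eapol(V2_START_PADDED, local_version=3))    # v3 receiver, v2 frame
    print(interpret_eapol(V3_EAP_REQUEST_ID, local_version=2))  # v2 receiver, v3 frame
```

In both directions the effective version comes out as 2, which is the backward-compatible behaviour the quoted clause requires of a conforming receiver.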
06-04-2019 05:25 PM