802.1x question

zhang zhi-heng zhzhang.sg at gmail.com
Tue Aug 7 06:23:51 CEST 2018

We are checking which swtiches should be compatible with our network

deployment and RADIUS using 802.1x.  Our understanding is that it should

work like this:

 1.           Supplicant Client sends any authentication information using
EAP-TTLS tunnel to

RADIUS server, which will include certificate.  So for example, it sends MAC

ID and certificate to RADIUS server (through the 802.1x enabled
authenticator switch).


2.           The RADIUS server will then tell the switch which certificates

authenticated (and not the MAC ID or other information).

 Does this sound correct?

 Or, in order to pass MAC "and" certificate, it will not be compliant with

802.1x since 802.1x only uses x.509 certificate and therefore we would need

a switch with 802.1x "bypass mode"?


More information about the Freeradius-Users mailing list