Home > cisco > Should Consumer Router plugged into dotx (802.1x) enabled port see only WAN MAC address?

Should Consumer Router plugged into dotx (802.1x) enabled port see only WAN MAC address?

October 22Hits:4
Advertisement

Probably a quick question. I am testing my dotx (802.1x) deployment on an Access Layer switch. I want to know if I plug in a consumer router, like a Linksys or Netgear, will the dotx only see the WAN's ports MAC address during the authentication process? I believe that should be the case, however I am testing with an Aruba Access Point. I've plugged in the WAN of the Aruba into the dot1x enabled Access Switch. Using MAB i've added the MAC to bypass authentication...however periodically devices behind the ARuba will show up in my Access Layer switch's logs asking for EAPOL???

Answers

It sounds like your Aruba AP is not tunneling (all) it's client's traffic, and if so, this would be expected behaviour.

This would happen in situations where:

  • You're using an Aruba IAP - in which case, all client traffic is being bridged
  • You're using a controller-homed AP, but you have configured Forward-Mode to be Bridged for a particular SSID

The AP is just a two-port switch at the end of the day (tunneling aside), albeit one with a wireless port and a wired - no MAC hiding will be taking place.

Related Articles

Copyright (C) 2017 ceus-now.com, All Rights Reserved. webmaster#ceus-now.com 14 q. 0.534 s.