
802.1x / dot1x client not working when interface is on a bridge

Posted: Wed Jul 31, 2019 11:14 pm
by wojo
I'm able to successfully authenticate with an 802.1x server using RouterOS on a bare interface, but once that interface is a part of a bridge (with default settings) I cannot successfully complete the EAPOL process. It seems to never get to the TLSv1 packet exchange, but I do see the identity request and response.

I have pcaps that I'll clean up soon, but curious if anyone else has tried this or can reproduce it.

If you are wondering why this interface is on a bridge, it lets me handle a situation of stripping VLAN 0 (due to 802.1p priority tagging without VLAN) with VLAN Filtering so I can utilize standard IP features including DHCP, etc. I have to be able to handle those tagged frames inbound to the Mikrotik, but not produce them.

ROS version 4.45.2

Re: 802.1x / dot1x client not working when interface is on a bridge

Posted: Thu Aug 01, 2019 4:01 pm
by vikinggeek
+1 Me Too!

Re: 802.1x / dot1x client not working when interface is on a bridge

Posted: Thu Aug 01, 2019 6:06 pm
by sindy
Question - what protocol-mode have you set on the bridge? One of the STP flavors or none?

Re: 802.1x / dot1x client not working when interface is on a bridge

Posted: Thu Aug 01, 2019 8:27 pm
by wojo
> Question - what protocol-mode have you set on the bridge? One of the STP flavors or none?

I've tried both, also thinking it could be the restrictions around 802.1D. I also spent way too much time tinkering with all the settings I could think of in the dark for weird interactions/bugs but couldn't find anything that works while the interface was on a bridge.

Re: 802.1x / dot1x client not working when interface is on a bridge

Posted: Wed Sep 11, 2019 11:01 pm
by robbz
+1 here

Re: 802.1x / dot1x client not working when interface is on a bridge

Posted: Fri Sep 27, 2019 5:30 pm
by vsixnetworks
+1 as well