Hello, I could not find information about wpa_supplicant and 802.1x multiple authentication (Cisco). I would like to authenticate 18 clients (embedded devices/wired Ethernet) through an unmanaged switch to one Cisco switch port. The clients use a debian derivate with wpa_supplicant 2.3 handling 802.1x authentication. It is obvious, that the the clients restart authentication very often e.g. every view seconds: Wpa_supplicant sends multicast messages to a group address that all clients subscribes to, that means other clients will get response messages that was not meant for them. This causes the supplicant PAE state machine to transition from state AUTHENTICATED to state RESTART, the transitions happens on 'eapolEap&&portValid', "On receiving an EAP-Request frame while portValid is asserted, the Supplicant transitions to the RESTART state." IEEE 802.1X-2004, § 8.2.11.7. However 'eapolEap' is not set when receiving EAP-Request but according to § 8.2.2.2 h, "eapolEap. This variable is set TRUE by an external entity if an EAPOL PDU carrying a Packet Type of EAP-Packet is received.". This will work if you have one client, but in our use case we have multiple which means EAP-Packet != EAP-Request. Does anyone has an idea how we could prevent the permanent state changes between AUTHENTICATED and RESTART state? I would be thankful for any ideas or workarounds. Best regards, Paul _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap