>>>>> "Bernard" == Bernard Aboba <aboba@xxxxxxxxxxxxx> writes:

    >> My question is more why do they need EAP in situations where
    >> they are not running at the link layer than why do they want or
    >> not want PANA.

    Bernard> The simple answer is that there are situations which IEEE
    Bernard> 802.1X cannot handle on wired networks. As specified,
    Bernard> IEEE 802.1X is "network port control", which means that
    Bernard> authorization is controllable only at the port level. If
    Bernard> there is more than one host connected to a switch port,
    Bernard> then that model no longer applies.

Yeah. I guess I wonder whether you are actually getting network
access authentication at that point or whether you are getting a
service that allows you to check posture.

It seems that a service that simply allows you to check posture should
not be EAP.