You should visit your error log for more information. This article may be too technical for most readers to understand. Please help improve it to make it understandable to non-experts, without removing the technical details. It is part of the IEEE 802. IEEE 802, which is known as “EAP over LAN” or EAPOL.

The term ‘supplicant’ is also used interchangeably to refer to the software running on the client that provides credentials to the authenticator. The authenticator acts like a security guard to a protected network. 1X-2001 defines two logical port entities for an authenticated port—the “controlled port” and the “uncontrolled port”. The controlled port is manipulated by the 802. The uncontrolled port is used by the 802. 1X PAE to transmit and receive EAPOL frames. 1X-2004 may prevent higher level protocols being used if it is not content that authentication has successfully completed.

This is particularly useful when an EAP method providing mutual authentication is used, as the supplicant can prevent data leakage when connected to an unauthorized network. The supplicant listens on this address, and on receipt of the EAP-Request Identity frame it responds with an EAP-Response Identity frame containing an identifier for the supplicant such as a User ID. The authenticator encapsulates the EAP Request in an EAPOL frame and transmits it to the supplicant. Windows XP, Windows Vista and Windows 7 support 802. 1X for all network connections by default. An open source project known as Open1X produces a client, Xsupplicant.

This client is currently available for both Linux and Windows. 1X as of the release of iOS 2. 1X since the release of 1. Mac OS X has offered native support since 10. Avenda Systems provides a supplicant for Windows, Linux and Mac OS X. They also have a plugin for the Microsoft NAP framework. Windows defaults to not responding to 802.

1X authentication requests for 20 minutes after a failed authentication. This can cause significant disruption to clients. A hotfix is required for Windows XP SP3 and Windows Vista SP2 to make the period configurable. The implication of this is that when using a commercial certification authority, individual certificates must be purchased.

Windows XP has major issues with its handling of IP address changes that result from user-based 802. 1X authentication that changes the VLAN and thus subnet of clients. Microsoft has stated that it will not back port the SSO feature from Vista that resolves these issues. If users are not logging in with roaming profiles, a hotfix must be downloaded and installed if authenticating via PEAP with PEAP-MSCHAPv2. Windows Vista based computers that are connected via an IP phone may not authenticate as expected and, as a result, the client can be placed into the wrong VLAN.

