We are trying to implement 802.1x on our Fedora workstations (36, latest
updates) for both the workstation itself and a Windows KVM guest. Therefore
we created a Linux bridge with the physical and virtual device as members.
The virtual KVM guest has been configured to use br0 within KVM. To make
802.1x link-local frames pass the bridge to the actual interfaces, we
configured the group_fwd_mask.

Both the guest and the host system are able to authenticate themselves via
802.1x. The Windows guest is also able to reauthenticate (the switch forces a
reauth every 2h), but the Linux host is not. The Wireshark trace shows that
the switch is sending the request identity frame (Type identity(1)), but the
host system is not responding to it. The packet can be seen on bridge br0 and
slave interface enp0s31f6, so the bridge is working. To me it seems that
NetworkManager ignores these packets. If I do a setup without a bridge,
NetworkManager responds to the request identity frame and everything is
working.

When I re-up the connection, the 802.1x auth process starts with an
EAPOL-Start and works as expected. Only the reauth is not working.

Below you find my configurations – any help appreciated. 

-------------------------------------------------------------------------------------------------------------------------

br0 Connection:

[connection]
id=br0
type=bridge
interface-name=enp0s31f6

[bridge]
group-forward-mask=8
mac-address=<mac-of-the-physical-interface>
stp=false

[ipv4]
method=auto

[ipv6]
addr-gen-mode=stable-privacy
method=auto

[proxy]

slave Connection:

[connection]
id=bridge-slave-enp0s31f6
type=ethernet
interface-name=enp0s31f6
master=br0
slave-type=bridge

[802-1x]
ca-cert=<path-to-file>
client-cert=<path-to-file>
eap=tls;
identity=<identity>
optional=true
private-key=<path-to-file>
private-key-password=<password>
private-key-password-flag=4

[ethernet]

[bridge-port]

-------------------------------------------------------------------------------------------------------------------------
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
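
Added example, not part of the original post: a small Python check for the symptom described above. It decodes which link-local groups a bridge forwards for a given group-forward-mask (8 selects the 802.1X PAE address) and lists EAP Request/Identity frames in a capture that the host never answered. The MAC addresses, EAP ids and the sample frames are constructed for illustration.

```python
import struct

ETH_EAPOL = 0x888E                          # EAPOL ethertype
PAE_GROUP = bytes.fromhex("0180c2000003")   # 802.1X PAE group address
REQUEST, RESPONSE, IDENTITY = 1, 2, 1       # EAP codes and EAP type Identity
SWITCH = bytes.fromhex("020000000001")      # constructed MAC (assumption)
HOST = bytes.fromhex("020000000002")        # constructed MAC (assumption)

def forwarded_groups(mask):
    """Bit N of the bridge mask forwards link-local group 01-80-C2-00-00-0N."""
    return [f"01-80-C2-00-00-{bit:02X}" for bit in range(16) if mask >> bit & 1]

def parse_eap(frame):
    """Return (src, code, id, type) for an EAPOL EAP-Packet, else None."""
    if len(frame) < 22 or struct.unpack_from("!H", frame, 12)[0] != ETH_EAPOL:
        return None
    if frame[15] != 0:                      # EAPOL packet type 0 = EAP-Packet
        return None
    code, ident, length = struct.unpack_from("!BBH", frame, 18)
    eap_type = frame[22] if length >= 5 and len(frame) > 22 else None
    return frame[6:12], code, ident, eap_type

def unanswered_identity_requests(frames, host):
    """EAP ids of Request/Identity frames the host never answered."""
    pending = []
    for frame in frames:
        parsed = parse_eap(frame)
        if parsed is None:
            continue
        src, code, ident, eap_type = parsed
        if eap_type != IDENTITY:
            continue
        if code == REQUEST and src != host and ident not in pending:
            pending.append(ident)
        elif code == RESPONSE and src == host and ident in pending:
            pending.remove(ident)
    return pending

def build(dst, src, code, ident, data=b""):
    """Construct a sample EAP Identity frame (test data only)."""
    eap = struct.pack("!BBHB", code, ident, 5 + len(data), IDENTITY) + data
    return dst + src + struct.pack("!HBBH", ETH_EAPOL, 1, 0, len(eap)) + eap

SAMPLE = [  # constructed capture: initial auth answered, re-auth not
    build(PAE_GROUP, SWITCH, REQUEST, 1),
    build(PAE_GROUP, HOST, RESPONSE, 1, b"host"),
    build(PAE_GROUP, SWITCH, REQUEST, 7),
    build(PAE_GROUP, SWITCH, REQUEST, 7),   # retransmission, same id
]
```

Running unanswered_identity_requests() over frames exported from a capture on enp0s31f6 and again over a capture on br0 shows whether the request reaches both interfaces while the response is missing on both.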