filter on ethernet type?



It doesn't appear that you can filter on ethernet type? I was 
thinking about creating a userland 802.1x authenticator by 
filtering on ether type 0x888e (EAP/EAPOL).
I had thought about tagging at the bridge level with the 
multicast ethernet address 01-80-C2-00-00-03.  Is it possible 
to create a bridge group of 1 interface to filter locally? If 
so I could tag at the L2 layer then let PF redirect the packet 
to a local userland 802.1x authenticator, which could modify 
PF rules once authentication is successful.

From some EAPOL documentation:
"When an 802.1X-capable host starts up, it will initiate the 
authentication phase by sending the EAPOL-Start 802.1X protocol 
data unit (PDU) to the reserved IEEE multicast MAC address 
(01-80-C2-00-00-03) with the Ethernet type or length set to 
0x888E."
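
The classification step a userland authenticator would need once it receives raw frames, as an added example that is not part of the original post and not PF code: it matches ether type 0x888e, notes whether the frame was sent to 01-80-C2-00-00-03, and rejects frames whose EAPOL length field overruns the capture. The function name, struct and sample frame are assumptions made for illustration; the 4-byte EAPOL header layout (version, packet type, body length) is the standard one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHERTYPE_EAPOL 0x888e
enum { EAPOL_EAP_PACKET = 0, EAPOL_START = 1, EAPOL_LOGOFF = 2, EAPOL_KEY = 3 };

/* Reserved multicast address quoted in the post. */
static const uint8_t PAE_GROUP[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x03};

/* Constructed sample: EAPOL-Start from a made-up supplicant MAC. */
static const uint8_t SAMPLE_START[] = {
    0x01, 0x80, 0xc2, 0x00, 0x00, 0x03,   /* destination */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,   /* source (constructed) */
    0x88, 0x8e,                           /* ether type */
    0x01, 0x01, 0x00, 0x00 };             /* version 1, Start, body length 0 */

struct eapol_info {
    uint8_t  src[6];        /* supplicant MAC: the key for per-host state */
    int      to_pae_group;  /* 1 if addressed to 01-80-C2-00-00-03 */
    uint8_t  version, type;
    uint16_t body_len;
};

/* 1 = well-formed EAPOL (fills *out), 0 = other traffic,
 * -1 = claims 0x888e but is truncated or its length field overruns the frame. */
int parse_eapol(const uint8_t *f, size_t len, struct eapol_info *out)
{
    if (len < 14 || (uint16_t)((f[12] << 8) | f[13]) != ETHERTYPE_EAPOL)
        return 0;
    if (len < 18)                       /* 14-byte Ethernet + 4-byte EAPOL header */
        return -1;
    uint16_t body = (uint16_t)((f[16] << 8) | f[17]);
    if (body > len - 18)                /* never trust the sender's length */
        return -1;
    memcpy(out->src, f + 6, 6);
    out->to_pae_group = memcmp(f, PAE_GROUP, 6) == 0;
    out->version = f[14];
    out->type = f[15];
    out->body_len = body;
    return 1;
}

int main(void)
{
    struct eapol_info i;
    int rc = parse_eapol(SAMPLE_START, sizeof SAMPLE_START, &i);
    printf("rc=%d type=%u pae_group=%d\n", rc, i.type, i.to_pae_group);
    return 0;
}
```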