An open-source project named
Open1X produces a client,
Xsupplicant. This client is currently available for both Linux and Windows. The main drawbacks of the Open1X client are that it does not provide comprehensible and extensive user documentation and that most Linux vendors do not provide a package for it. The more general
wpa_supplicant can be used for
802.11 wireless networks and wired networks. Both support a very wide range of EAP types. The
iPhone and
iPod Touch support 802.1X since the release of
iOS 2.0.
Android has support for 802.1X since the release of 1.6 Donut.
ChromeOS has supported 802.1X since mid-2011.
macOS has offered native support since
Mac OS X Panther.
Avenda Systems provides a supplicant for
Windows,
Linux and
macOS. They also have a plugin for the Microsoft
NAP framework. Avenda also offers health checking agents.
Windows Windows defaults to not responding to 802.1X authentication requests for 20 minutes after a failed authentication. This can cause significant disruption to clients. The block period can be configured using the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dot3svc\BlockTime DWORD value (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\wlansvc\BlockTime for wireless networks) in the registry (entered in minutes). A
hotfix is required for Windows XP SP3 and Windows Vista SP2 to make the period configurable.
Wildcard server certificates are not supported by EAPHost, the Windows component that provides EAP support in the operating system. The implication of this is that when using a commercial certification authority, individual certificates must be purchased.
Windows XP Windows XP has major issues with its handling of IP address changes resulting from user-based 802.1X authentication that changes the VLAN and thus subnet of clients. Microsoft has stated that it will not backport the
SSO feature from Vista that resolves these issues. If users are not logging in with roaming profiles, a hotfix must be downloaded and installed if authenticating via PEAP with PEAP-MSCHAPv2.
Windows Vista Windows Vista-based computers that are connected via an IP phone may not authenticate as expected and, as a result, the client can be placed into the wrong VLAN. A hotfix is available to correct this.
Windows 7 Windows 7 based computers that are connected via an IP phone may not authenticate as expected and, consequently, the client can be placed into the wrong VLAN. A hotfix is available to correct this.
Windows PE Windows PE does not have native support for 802.1X. However, support can be added to WinPE 2.1 and WinPE 3.0 through hotfixes that are available from Microsoft. Although full documentation is not yet available, preliminary documentation for the use of these hotfixes is available via a Microsoft blog.
Linux Most
Linux distributions support 802.1X via
wpa_supplicant and desktop integration like
NetworkManager.
Apple devices As of
iOS 17 and
macOS 14, Apple devices support connecting to 802.1X networks using
EAP-TLS with TLS 1.3 (EAP-TLS 1.3). Additionally, devices running iOS/iPadOS/tvOS 17 or later support wired 802.1X networks.
Federations eduroam (the international roaming service), mandates the use of 802.1X authentication when providing network access to guests visiting from other eduroam-enabled institutions.
BT (British Telecom, PLC) employs Identity Federation for authentication in services delivered to a wide variety of industries and governments. == Proprietary extensions ==