<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head>  <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="generator" content="Org Mode"> </head> <body> <div style="font-family:-apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";;font-size:11pt;line-height:12pt;" id="content"> Hi, i already wrote a message to users@lists.freedesktop.org some time ago, but so far no response. Maybe somebody is able to give a hint how to fix the problems we are currently facing with our setup: We are trying to implement 802.1x on our Fedora-Workstations (36, latest updates) for both, the workstation itself and a Windows KVM Guest. Therefor we created a linux bridge with the physical and virtual device as members. The virtual kvm guest has been configured to use the br0 within kvm. To make 802.1x Link Local frames passing the bridge to the actual interfaces we configured the group_fw_mask. Both, the guest and the host system are able to authenticate them via 802.1x. Also the Windows Guest is able to reauthenticate (the switch forces a reauth every 2h), but not the linux host. The wireshark trace shows, that the switch is sending the request identiy frame (Type identity(1)), but the host system is not responding to it. Packet can be seen on bridge br0 and slave interface enp0s31f6, so the bridge is working. For me it seems that the network manager does ignore these packets. If I do a setup without a bridge the network manager response to the request identiy frame and everything is working. When i reup the connection, the 802.1x auth process starts with an eapol start and works as expected. Only the reauth is not working. Below you find my configurations – any help appreciated. <ul style="list-style-type:disc;"> <li style="line-height:1.2;margin-bottom:0px;margin-top:2px;max-width:47em;">br0 Connection: </li></ul> <pre style="line-height:1.2;color:#bbc2cf;background-color:#282c34;margin:4px 0px 8px 0px;padding:8px 12px;width:max-content;min-width:50em;border-radius:5px;font-size:0.9em;font-weight:500;font-family:SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;;" id="org3919499"> [connection] id=br0 type=bridge interface-name=enp0s31f6 [bridge] group-forward-mask=8 mac-address=<mac-of-the-physical-interface> stp=false [ipv4] method=auto [ipv6] addr-gen-mode=stable-privacy method=auto [proxy] </pre> slave Connection: <pre style="line-height:1.2;color:#bbc2cf;background-color:#282c34;margin:4px 0px 8px 0px;padding:8px 12px;width:max-content;min-width:50em;border-radius:5px;font-size:0.9em;font-weight:500;font-family:SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;;" id="orgda78d39"> [connection] id=bridge-slave-enp0s31f6 type=ethernet interface-name=enp0s31f6 master=br0 slave-type=bridge [802-1x] ca-cert=<path-to-file> client-cert=<path-to-file> eap=tls; identity=<identity> optional=true private-key=<path-to-file> private-key-password=<password> private-key-password-flag=4 [ethernet] [bridge-port] </pre> </div> </body> </html>