If you are trying to run a virtual machine using libvirt (KVM) with bridged networking on the host, the default configuration for 802.1D MAC bridging doesn’t support forwarding of EAPOL traffic for 802.1X authentication. Running wpa_supplicant on the VM guest will fail. The following assumes you’ve already configured bridged networking on the VM host and that the bridge is named br0.
All commands should be run on the virtual machine host, not the guest.
Disable STP for your bridge interface. For Debian-based Linux:
$ sed -i "/^iface\ br0.*/ a \\\tbridge_stp off" /etc/network/interfaces
And for RHEL-based Linux:
$ sed -i '$ a STP=off' /etc/sysconfig/network-scripts/ifcfg-br0
Create the following shell script as /usr/local/sbin/8021Xforward.sh and make it executable with chmod a+rx /usr/local/sbin/8021Xforward.sh.
#!/bin/bash
/bin/echo 8 > /sys/class/net/br0/bridge/group_fwd_mask
Create the following systemd unit file as /etc/systemd/system/8021Xforward.service:
[Unit]
Description=802.1X Forwarder

[Service]
User=root
Group=wheel
ExecStartPre=/bin/sleep 60
ExecStart=/usr/local/sbin/8021Xforward.sh

[Install]
WantedBy=default.target
Enable and start 8021Xforward.service:
$ systemctl enable 8021Xforward.service; systemctl start 8021Xforward.service
Verify that this has taken effect. The following command should return 0x8.
$ cat /sys/class/net/br0/bridge/group_fwd_mask
0x8
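The verification step above, extended into an added example that is not part of the original page: bit N of group_fwd_mask lets the bridge forward frames addressed to 01:80:C2:00:00:0N, and EAPOL uses 01:80:C2:00:00:03, so 0x8 forwards 802.1X and nothing else. The function names and the BRIDGE variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit a bridge's group_fwd_mask.
# Bit N of the mask lets the bridge forward frames sent to 01:80:C2:00:00:0N.
# Bit 3 is the 802.1X PAE group address that EAPOL uses.

EAPOL_BIT=3

# Print every reserved group address the given mask forwards.
forwarded_addrs() (
    mask=$(( $1 )); bit=0; out=""
    while [ "$bit" -le 15 ]; do
        if [ $(( $mask & (1 << $bit) )) -ne 0 ]; then
            out="$out$(printf '01:80:C2:00:00:%02X' "$bit") "
        fi
        bit=$(( $bit + 1 ))
    done
    printf '%s\n' "${out% }"
)

# Classify a mask as eapol-blocked, eapol-only or eapol-plus-extra.
audit_mask() (
    mask=$(( $1 )); want=$(( 1 << $EAPOL_BIT ))
    if [ $(( $mask & $want )) -eq 0 ]; then
        echo "eapol-blocked"      # guest supplicants will time out
    elif [ "$mask" -eq "$want" ]; then
        echo "eapol-only"         # what this page configures (0x8)
    else
        echo "eapol-plus-extra"   # other link-local protocols cross the bridge too
    fi
)

# Audit the live bridge when present; BRIDGE defaults to the page's br0.
MASK_FILE="/sys/class/net/${BRIDGE:-br0}/bridge/group_fwd_mask"
if [ -r "$MASK_FILE" ]; then
    live=$(cat "$MASK_FILE")
    echo "$MASK_FILE = $live: $(audit_mask "$live")"
    echo "forwards: $(forwarded_addrs "$live")"
fi
```

A result of eapol-plus-extra means the bridge is also passing other link-local control protocols (for example LLDP at bit 14) between guests and the physical network, which is worth reviewing before leaving it in place.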
Restart the network or reboot your VM host.
For RHEL-based Linux:
$ systemctl restart network
Or for Debian-based Linux:
$ systemctl restart networking