So a bunch of security-critical VLANs terminate at our WLAN access points (the APs themselves are 802.1X enabled in regard to wireless clients). Hence, all an attacker needs to do is unplug an AP, plug in a notebook and tag himself to the VLAN of his liking. To mitigate this, I set the hold timer to an arbitrarily high value, like 15 minutes. However, this is security through obscurity. I'd rather have those ports 802.1X enabled.
However, when I try to enable 802.1X on a trunk port, I get:
"Cannot configure dot1x on this interface since the port-mode is defined as trunk".
Why is that? What is the reason why this is not supported?
It works without a problem on Cisco boxes; I just tried it in the lab.
On a side note, the documentation does not mention this anywhere.
We are running 12.3R11.2.