An interesting old paper about 802.1x for wireless networks
http://www.infoworld.com/article/02/...ifispec_1.htmlThe man-in-the-middle attack works because 802.1x uses only one-way authentication. In this case, the attacker acts as an AP to the user and as a user to the AP.
"The trust assumption that is reflected from this design is that the access points are trusted entities, which is a misjudgement. The entire framework is rendered insecure if the higher-layer protocol also performs a one-way authentication," according to the Arbaugh, Mishra paper.
One industry analyst was not surprised by the lack of security that 802.1x offers.