An interesting old paper about 802.1x for wireless networks

The man-in-the-middle attack works because 802.1x uses only one-way authentication. In this case, the attacker acts as an AP to the user and as a user to the AP.

"The trust assumption that is reflected from this design is that the access points are trusted entities, which is a misjudgement. The entire framework is rendered insecure if the higher-layer protocol also performs a one-way authentication," according to the Arbaugh, Mishra paper.

One industry analyst was not surprised by the lack of security that 802.1x offers.