802.1X’s lack of follow-on per-packet authentication creates the situation for this man-in-the-middle attack. The attacker can connect to resources on the protected network with the same IP and IP addresses as the victim. The attack requires physical access to the network, but the attacker could hide by disabling an AP's SSID broadcast. The vulnerability is not a Microsoft issue, but I learned of it through a Microsoft Security Newsletter feature. The author claims to have written about this subject in his book Protect Your Windows Network.
Source: https://taosecurity.blogspot.com/2005/08/steve-riley-on-802.html

