802.1x and non 802.1x at the same time with HostAPd and hostap.

Jouni Malinen jkmaline at cc.hut.fi
Mon Mar 3 21:25:36 EST 2003


On Tue, Mar 04, 2003 at 02:03:46AM +0100, Dominique Blas wrote:

> 1. Is it possible to have 802.1x behaviour and simultaneously non-802.1x behaviour with hostapd and hostap driver ?

In theory, yes. This would probably require some minor changes, but most
of the code both in kernel driver and hostapd should be prepared for
this. However, you will end up having problems with at least stations
using WinXP IEEE 802.1X Supplicant, unless you can accept using static
WEP keys with non-802.1X stations. WinXP Supplicant requires WEP
(Privacy)-bit to be set in beacons for IEEE 802.1X and stations without
WEP keys do not associate with AP having this bit set.

> 2. Could it be possible to enable port access (802.1x) not on the AP but on a central gateway (Ethernet - Ethernet) to which the APs
> 	are connected through Ethernet ? AP will act as a bridge in this case.

Yes, it should be possible to locate port access control and IEEE 802.1X
EAPOL processing into a separate device. Although, you would need to
configure WEP keys to AP somehow.

> Why ? To keep an transparent AP (more common than 802.1x AP) and make the gateway support all the improvement of 802.1x (above all key distribution) and 802.1Tgi.

I assume you mean 802.11 TgI, not 802.1i.. You should note that 802.1X
and 802.11i have lots of differences. 802.1X has quite minimal impact on
base 802.11 functionality, whereas 802.11i changes it a lot. It would be
harder to implement 802.11i using an external device.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list