802.1x authentication and Prism firmware based AP

Venkatesh Tanjore VenkateshT at ishoni.com
Fri Mar 14 09:35:26 EST 2003


I know this is a HostAP mailing list. But I have a question regarding the
802.1x authentication, intra-bss traffic and the firmware based AP on the
Intersil Prism2 chipset.

Consider an Access Point and two wireless clients. The Wireless Client
1 associates with the AP. After the association, the 802.1x messages are sent
by the client to the AP to get the authentication done. Once the 802.1x
authentication is successful, the Access Point allows traffic to the wired
network. The Wireless Client 2 associates to the AP and once the 802.1x
authentication is successful, the AP allows traffic from client 2 to the
wired network.

Now the intra-bss traffic is bridged by the firmware based AP. This is
not passed to the host for routing/bridging to the wired network. How can we
filter the intra-bss traffic based on the 802.1x authentication? From the
Intersil firmware based AP documentation (Rm025.pdf), the RID, EntSecFlag
(0xFCB9) can be used to block communications within the BSS. Setting bit 0
prevents clients from communicating through the Access Point with the other
stations in the BSS before the station has been authenticated.

How can we tell the firmware based AP that this particular station (client)
is 802.1x authenticated, so that the AP can allow intra-bss communication
for this station? If the Bit 0 is set, there must be a way of telling the AP
that this station is 802.1x authenticated. If this is not set, then the
intra-bss traffic is allowed and the stations can communicate among
themselves even if they are not 802.1x authenticated.

It would be great if you could provide any clues/help regarding this. 


A real leader faces the music, even when he doesn't like the tune
