WDS & hostapd port authorization

Slobodan Tomic stomic at verat.net
Mon May 19 04:08:44 EDT 2003


On Mon, 2003-05-19 at 03:39, Jouni Malinen wrote:
> On Sun, May 18, 2003 at 11:44:24PM +0200, Slobodan Tomic wrote:
> 
> > >   I have a setup with two (and more) APs using WDS. Everything is bridged
> > > (wlan0 and wlan0wds0 at each AP) and everything works perfectly. But if
> > > I use hostapd at each AP (with or without 802.1X) wlan0wds0 is blocked
> > > by each hostapd because that port is not authorized, even if I put MAC
> > > addresses of other APs in /etc/hostapd.accept. Is this a bug in hostap[d]
> > > or have I missed something?
> 
> Well.. It might be called a feature since allowing WDS links with no
> encryption or static WEP keys would weaken the security of such a setup
> if stations are using dynamic, individual WEP keys. Anyway, I changed
> the driver to accept frames from WDS links even if IEEE 802.1X PAE is in
> use.

Great. Do you have any idea how this setup can be made more secure? I
forgot to mention that I have much more (absolute) control over APs and
not too much over clients, so (if none available) I can implement an
(in-house made) procedure for WEP rekeying, even use some other algo for
encryption (other than WEP) over the WDS link (APs are all hostapd!).

Excellent work guys... Thanx a lot.

Regards,
st




