IEEE 802.1x with dynamic WEP doesn't work in hostapd CVS

Andrew Barr barr.156 at osu.edu
Sat Nov 13 12:28:07 EST 2004


On Friday 12 November 2004 09:42 pm, Jouni Malinen wrote:
> On Fri, Nov 12, 2004 at 04:39:38PM -0500, Andrew Barr wrote:
> > I upgraded my AP to the latest HostAP CVS trying to resolve a WPA issue
> > that now appears to be the fault of the driver (or operator) ;-). Failing
> > to resolve the issue, I configured my AP to use IEEE 802.1x with dynamic
> > WEP, and I could not authenticate. Running xsupplicant with -d9 for
> > verbose debugging, I got this:
>
> Could you please re-test with another client/supplicant?
>
> > [ALL] Got Frame :
> > 00 04 23 5E F9 21 00 0D - 88 50 C7 30 88 8E 02 00 ..#^.!...P.0....
> > 00 05 01 00 00 05 01                              .......
> > [ALL] Got invalid EAPOL frame!
>
> That frame looks correct.. Based on a quick look at xsupplicant source
> code, it looks like the IEEE 802.1X/EAPOL version handling is done
> incorrectly and it is dropping packets with version numbers creater than
> 1 even though the correct behavior for version 1 supplicant would be to
> ignore the version number and process the frames as version 1 frames.
>
> > Notice the invalid EAPOL frame message. Downgrading to the latest release
> > (hostapd 0.2.5) immediately resolves the problem. Does the CVS version of
> > hostapd work, or should I be sticking to stable releases here?
>
> As far as I know, the CVS version works. The main difference between
> 0.2.x and 0.3.x is that 0.3.x is using newer version of EAPOL defined in
> IEEE 802.1X-REV. This looks like a supplicant issue, so I would
> recommend reporting this on xsupplicant mailing lists. You should also
> be able to use wpa_supplicant which supports new EAPOL version number.

Using a different supplicant is okay for me (running Linux where I have a 
choice), but I have a client computer that runs Windows XP and uses it's 
builtin supplicant to authenticate. Will using the new EAPOL version break 
the WinXP builtin supplicant? It could not authenticate either with the CVS 
version of HostAP. Unfortunately, either the XP supplicant doesn't log errors 
at all or I don't know how to get to them.

Andrew



More information about the HostAP mailing list