wpa_supplicant fails with ndiswrapper andmadwifi driver for Atheros 802.11a/b/g card

Michael Reilly michaelr at cisco.com
Sun Nov 21 22:59:01 EST 2004


I just tried 0.12rc3 with my two Atheros cards against a Cisco 1100 AP using 
WPA-PSK.  It failed with both cards.  It may be related to the timing 
related problems you are seeing.  I have been busy at work so haven't had a 
chance to play with this a lot

michael
Jouni Malinen wrote:
> On Wed, Nov 10, 2004 at 12:19:06PM -0800, Michael Reilly wrote:
> 
> 
>>>>I have a Cisco CB21AG card which is based on the Atheros 802.11a/b/g chip 
>>>>(5212 I think it is called).  The card has a PCI id of vendor 0x168c, 
>>>>device 0x0013.
>>>>
>>>>wpa_supplicant fails when I try to use WPA-PSK.  I downloaded a trial 
>>>>copy of driverloader and it works fine.
> 
> 
>>	ndiswrapper: driver ar5211.sys (,12/03/2003,2.4.2.33) added
> 
> 
> I tested with another AR5212-based a/b/g card and the same driver
> version (2.4.2.33) using the current CVS snapshot of ndiswrapper and
> Linux 2.4.28. This worked in my tests with WPA-PSK. In couple of test
> cases with Linksys WRT54G as the AP, it took few attempts to get group
> key handshake completed, though. This may be some kind of timing related
> issue with the client not receiving encrypted frames immediately after
> the keys have been configured. The tests with another AP (Gateway
> 7001ag) were succeeded on the first try. This AP has a longer timeout
> for group key handshake, which could explain the behavior.
> 
> WPA-RADIUS (key_mgmt=WPA+IEEE 802.1X) was not apparently implemented at
> all in ndiswrapper (I would assume it was just forgotten). I added
> support for it and this seemed to allow association and completion of
> IEEE 802.1X + WPA authentication. The attached patch against the
> ndiswrapper CVS was enough to get this working and it would be nice to
> see it being added to the next ndiswrapper release.
> 
> I tested this with both Atheros and Broadcom based cards. There seems to
> be some issues with both cards as far as reliability in getting packets
> through during the authentication is concerned.. Some of the IEEE 802.1X
> packets seem to disappear and I needed to use shorter EAPOL state
> machine timeouts to get authentication more reliable. Another issue was
> the failure in getting group key handshake done in some test runs that I
> mentioned above.
> 

-- 
---- ---- ----
Michael Reilly    michaelr at cisco.com
     Cisco Systems,  California



More information about the HostAP mailing list