802.1X Cofiguration query - can 802.1X authentication be optional?

Jouni Malinen jkmaline at cc.hut.fi
Sun Oct 8 22:28:30 EDT 2006


On Tue, Oct 03, 2006 at 10:28:20AM +0100, lloyd wrote:

> Also I'm wondering, respectfully, if you're asking the correct question -
> can a mixed mode AP be run, where 802.1X-authenticated stations use
> encryption but stations in the non-authenticated vlan are not encrypted?
> If not, the answer is no - we need open access to be unencrypted.  Having
> said that we could perhaps share a public WEP key, or make it the SSID, or
> similar.  Or maybe we could run multiple VAPs.  We're all volunteers
> though, and would need to keep things as simple as possible.

Have you used similar configuration before? As an example, WinXP SP2
started requiring wireless connections to be encrypted in order to even
allow IEEE 802.1X to be used in the first place. In addition, there are
client implementations that will refuse to associated with an AP if the
AP is configured to indicate in the beacon frames that it is using
encryption (which is needed for WinXP SP2 + IEEE 802.1X) if the client
is configured to use unencrypted connection. In other words, using a
single BSS for both of these uses may not work with all clients.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list