Can eapol_test rx EAPOL from a supplicant other than the built-in one?

Jouni Malinen j at w1.fi
Tue Aug 14 23:02:55 EDT 2007


On Tue, Aug 14, 2007 at 11:05:06AM -0700, Amber Sistla wrote:

> My network consists of 3 machines connected via LAN:

> Supplicant----Authenticator----RADIUS_Server

Are these three separate machines or do you care how supplicant and
authenticator would be connected?

> I want the supplicant to send EAPOL to the Authenticator, 
> 
> Then have the authenticator encapsulate the eapol packet in radius and
> forward it to the RADIUS_Server.
> 
> The RADIUS_Server then processes it, sends it back to the authenticator
> which then sends it back to the supplicant.

That sounds like a normal way of using 802.1X/EAP/RADIUS authentication,
so nothing that special here.

> I already have the supplicant piece and the RADIUS_Server piece.
> 
> I need the Authenticator piece.
> 
> Eapol_test performs similar to what I want to do, except it uses the
> built-in supplicant.

eapol_test is a combination of minimal authenticator code from hostapd
and supplicant from wpa_supplicant. It does not sound like what you want
since you are looking more of the authenticator part. Or well,
eapol_test could be an example of how this can be done for testing
purposes.

> Is it possible to get eapol_test to ignore the built-in supplicant, and wait
> in a loop for eapol requests coming from the supplicant over the wired
> connection?

Well, it would be possible to change eapol_test to do something like
that, but it may not be the best starting point for this particular
case.

> Does it need more of the functionality from hostapd for this?

Probably not, but starting from hostapd may be easier..

On Tue, Aug 14, 2007 at 11:11:36AM -0700, Amber Sistla wrote:
> Alternatively, can hostapd run on a machine that doesn't have a
> wireless card.

Yes, you can run hostapd with number of "driver wrappers" (driver_*.c).
One of these is 'wired' (for wired 802.1X authentication) and another
one is 'test' (for testing hostapd with wpa_supplicant). Neithor of
these need a wireless card.

I think that the easiest mechanism for testing your existing supplicant
and RADIUS server would be to run hostapd as the authenticator with
either the wired driver (if your supplicant is able send/receive EAPOL
frame over a wired interface) or the test driver (if you want to avoid
the network connection between supplicant and authenticator completely
and just implement the UNIX domain socket interface between the
supplicant hostapd in the same way as driver_test.c is implemented in
wpa_supplicant/hostapd).

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list