Switch set up fails open

John A. Sullivan III jsullivan at opensourcedevel.com
Tue Jun 5 18:05:03 EDT 2007


Hello, all.  This is my first set up of hostapd.  I'm attempting to
create a test 802.1x enabled Linux based switch.  I have an Ubuntu 7.0.4
(Feisty) PC with four NICS (eth0,1,2,3) set up in a bridge (switch0)
with hostapd 0.5.8 and freeradius 1.1.6.  There is no wireless; this is
a LAN switch only.

If I understand correctly, I will ultimately need a separate
configuration file for each port (by the way, does hostapd.conf support
includes so I can use the same setup for each port and just change the
interface?) but for now, to keep things simple, I have only configured
eth3.

I plugged my laptop into eth3 with a crossover cable.  Before activating
hostapd, the laptop communicated on the network (ping test).  I then
activated hostapd and expected that communication would fail since the
laptop had not authenticated.  It did not fail; the laptop communicates
on the network just as it did without hostapd. I have rebooted it
several times with the same results.

I assume this means my setup is not working and not that hostapd fails
open on 802.1x.  What is wrong with my configuration?

Here is stdout from hostapd - the laptop rebooted several times while
this was running.  The MAC address is that of eth3:
jsullivan at testswitch:/var/log$ sudo hostapd -dd /etc/hostapd/hostapd.conf
Password:
Configuration file: /etc/hostapd/hostapd.conf
ctrl_interface_group=0
Opening raw packet socket for ifindex 5
BSS count 1, BSSID mask ff:ff:ff:ff:ff:ff (0 bits)
Flushing old station entries
Deauthenticate all stations
Using interface eth3 with hwaddr 00:c0:f0:59:99:0c and ssid ''
eth3: RADIUS Authentication server 127.0.0.1:1812
eth3: Setup of interface done.
 
Here is syslog (several restarts):
Jun  5 16:20:30 testswitch hostapd: eth3: RADIUS Authentication server 127.0.0.1:1812
Jun  5 16:24:25 testswitch hostapd: eth3: RADIUS Authentication server 127.0.0.1:1812
Jun  5 16:29:15 testswitch hostapd: eth3: RADIUS Authentication server 127.0.0.1:1812
Jun  5 16:30:09 testswitch hostapd: eth3: RADIUS Authentication server 127.0.0.1:1812
Jun  5 16:59:20 testswitch -- MARK --
Jun  5 17:06:46 testswitch hostapd: eth3: RADIUS Authentication server 127.0.0.1:1812

Here is hostapd.conf (remember - no wireless):
interface=eth3
bridge=switch0 # I tried with and without this parameter
driver=wired
logger_syslog=54
logger_syslog_level=2
logger_stdout=54
logger_stdout_level=2
debug=4
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
#Wireless settings coming up - I changed very few and commented out some - no SSID
max_num_sta=255
macaddr_acl=0
auth_algs=1
wme_enabled=1
wme_ac_bk_cwmin=4
wme_ac_bk_cwmax=10
wme_ac_bk_aifs=7
wme_ac_bk_txop_limit=0
wme_ac_bk_acm=0
wme_ac_be_aifs=3
wme_ac_be_cwmin=4
wme_ac_be_cwmax=10
wme_ac_be_txop_limit=0
wme_ac_be_acm=0
wme_ac_vi_aifs=2
wme_ac_vi_cwmin=3
wme_ac_vi_cwmax=4
wme_ac_vi_txop_limit=94
wme_ac_vi_acm=0
wme_ac_vo_aifs=2
wme_ac_vo_cwmin=2
wme_ac_vo_cwmax=3
wme_ac_vo_txop_limit=47
wme_ac_vo_acm=0
ieee8021x=1
eapol_key_index_workaround=0
eap_server=0
own_ip_addr=127.0.0.1
auth_server_addr=127.0.0.1 # RADIUS is freeradius on the same computer
auth_server_port=1812
auth_server_shared_secret=<some secret>

I'm pretty sure I've got the test laptop plugged into the correct port.
Here is the switch MAC table:
jsullivan at testswitch:/etc/hostapd$ brctl showmacs switch0
port no mac addr                is local?       ageing timer
  4     00:00:39:75:f8:39       no                 3.17
  2     00:01:03:24:64:c3       no                 2.39
  3     00:08:c7:b9:db:18       yes                0.00
  2     00:09:5b:50:d9:ea       no                 2.02
  2     00:0f:b0:70:ec:42       no                 0.00
  2     00:13:20:09:b4:c9       no                49.89
  1     00:50:da:59:f4:33       yes                0.00
  2     00:90:4b:8b:5d:c3       no                 2.39
  2     00:a0:d2:17:26:1c       yes                0.00
  4     00:c0:f0:59:99:0c       yes                0.00
  2     02:00:00:00:00:03       no                40.91
  2     aa:00:00:15:60:3a       no                26.95
  2     aa:00:00:4b:17:90       no                 2.02
  2     aa:00:00:57:ff:f9       no                32.93

00:c0:f0:59:99:0c is the MAC being reported by hostapd stdout and it
shows on port 4.  00:00:39:75:f8:39 is the MAC address of the laptop and
also shows on port 4.

This is a high priority project for us so any help is greatly
appreciated.  Thanks - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com

If you would like to participate in the development of an open source
enterprise class network security management system, please visit
http://iscs.sourceforge.net
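
As an added check (example code, not from the post or the hostapd project) that automates what the post does by hand: parse the brctl showmacs table, find the bridge port whose local address is the hwaddr hostapd reported at start-up, and list the remote stations learned on that port that hostapd has not authorized. The table rows are taken from the post; the set of authorized MACs is an assumed input you would fill from hostapd's station list.

```python
import re
from typing import List, NamedTuple, Set

class MacEntry(NamedTuple):
    port: int       # bridge port number as printed by brctl
    mac: str        # lower-case MAC
    is_local: bool  # True for the bridge's own NIC addresses
    ageing: float   # seconds since the entry was last refreshed

# Constructed sample: rows taken from the `brctl showmacs switch0` output above.
SHOWMACS = """\
port no mac addr                is local?       ageing timer
  4     00:00:39:75:f8:39       no                 3.17
  2     00:01:03:24:64:c3       no                 2.39
  3     00:08:c7:b9:db:18       yes                0.00
  1     00:50:da:59:f4:33       yes                0.00
  2     00:a0:d2:17:26:1c       yes                0.00
  4     00:c0:f0:59:99:0c       yes                0.00
"""

ROW = re.compile(r"^\s*(\d+)\s+([0-9a-f:]{17})\s+(yes|no)\s+([\d.]+)\s*$", re.I)

def parse_showmacs(text: str) -> List[MacEntry]:
    """Parse brctl showmacs output, skipping the header and any stray lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append(MacEntry(int(m.group(1)), m.group(2).lower(),
                                 m.group(3).lower() == "yes", float(m.group(4))))
    return rows

def guarded_port(rows: List[MacEntry], hostapd_hwaddr: str) -> int:
    """Bridge port whose local address is the hwaddr hostapd printed at start-up."""
    ports = {r.port for r in rows if r.is_local and r.mac == hostapd_hwaddr.lower()}
    if len(ports) != 1:
        raise ValueError(f"{hostapd_hwaddr} is local on ports {sorted(ports)}, expected one")
    return ports.pop()

def unauthorized_stations(rows: List[MacEntry], hostapd_hwaddr: str,
                          authorized: Set[str]) -> List[str]:
    """Remote MACs learned on the guarded port that hostapd has not authorized.
    The bridge learns a source MAC from any received frame, EAPOL included, so a
    MAC listed here is not proof that its traffic was forwarded: each one is a
    station to probe (the ping test above) and to look up in hostapd's station list."""
    port = guarded_port(rows, hostapd_hwaddr)
    auth = {a.lower() for a in authorized}
    return sorted(r.mac for r in rows
                  if r.port == port and not r.is_local and r.mac not in auth)
```

With an empty authorized set (nobody has authenticated yet), the laptop's MAC on port 4 is the one station to probe; if the ping still succeeds, the port is passing traffic before authentication.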
