hostapd with wired conf
j at w1.fi
Wed Oct 31 23:36:57 EDT 2007
On Wed, Oct 31, 2007 at 03:44:09PM +0800, ?????? wrote:
> I want to implement Authenticator on my network,
> and I saw hostapd have "wired" configuration in it.
> After I implement this conf file,
> the host connect from eth0 still can access the network....
> Is there any set I missed?
hostapd does not implement the IEEE 802.1X port access entity (PAE) that
would actually be needed to filter packets. In other words, hostapd
alone is not enough implement a wired authenticator+port control.
hostapd provides an implementation for the EAPOL Authenticator state
machines and can take care of authentication using EAP.
Depending on your network configuration (e.g., whether this device would
be a bridge between wired interfaces), an additional component would be
needed to control which packets are allowed to go through the device.
There is an implementation that took care of at least some
configuration, but I do not know what is the current status of this
Jouni Malinen PGP id EFC895FA
More information about the HostAP