Got long REAUTH_TIMER state if auth via HUB

Jouni Malinen j at w1.fi
Tue Mar 18 10:51:47 EDT 2008


On Wed, Mar 05, 2008 at 02:55:58PM +0300, Skryabin Dmitry wrote:

> I whant use hostapd like wired 802.1x autheinteficator, but in 
> all versions of hostapd & in all cases i'll got this error
> 
> 1) i'll connect client via simplest hub( like compex ps2208B or via management L2)
> server_eth <-----> hub <---------> client_eth
> & got long reauth_timer state in all cases of auth |md5, peap or tls|, but nothing more :((((

> 2) But all work if i connect client direct to server
> server_eth <-----> client_eth in all cases of auth |md5, peap or tls|

It looks like hostapd is not receiving EAPOL frames from the client in
case of the first configuration. Have you used a packet sniffer (e.g.,
tcpdump or wireshark) to verify whether the client sees the EAPOL frames
from hostapd? I would suggest doing this both on the client device and
on the device that runs hostapd and verify whether either one sees EAPOL
frames from the other device.

A simple hub should not really change anything here. However, Compex
PS2208B is not a hub, it is a switch. Are you sure it is not filtering
out EAPOL frames?

> 3) Can i use hostapd via VLANS like this
> client_eth <----> L2 <---VLAN_TARGED---->server_eth0.x |upped endpoint of VLAN + hostapd on it| 

I've never tried this type of configuration. If the network device that
hostapd is using is delivering untagged EAPOL frames, it could allow
authentication to go through. Just keep in mind that this type of
configuration does not have any control on the IEEE 802.1X port unless
you add some external mechanism for controlling the switch ports based
on hostapd authentication result.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list