How to build 802.1x auth in the management vlan environment?

DJ HENRY henry1412 at gmail.com
Sat Jun 6 09:40:17 EDT 2009


I am sorry for sending a document without newlines last time; I am sending the document
again from another mailbox.

I have used 802.1x auth with freeradius-2.1.3, hostapd-0.4.8 and
wpa_supplicant-0.4.8 for a period of time, and it's running well.

The network framework was:
----------------------------------------------------------------------------------------------------------------------
radius server (freeradius)--cisco 3500 switch--a nas device(hostapd)--a terminal device(wpa_supplicant)--a computer.
----------------------------------------------------------------------------------------------------------------------

The terminal device could send an 802.1x auth request to the radius
server through the nas device.

For safe management, we added the management vlan in the cisco 3500
switch, the nas device and the terminal device. The network framework has
changed to this:
----------------------------------------------------------------------------------------------------------------------
radius server (freeradius)--(vlan trunk)cisco 3500 switch(vlan id 100)--a nas device(hostapd, vlan id 100)--a terminal device(wpa_supplicant, vlan id 100)--a computer.
----------------------------------------------------------------------------------------------------------------------

I can successfully ping the nas device from the terminal device before
enabling 802.1x auth. When I enable the hostapd daemon in the nas device and
enable the wpa_supplicant daemon in the terminal device, the auth info
can't pass the nas device.

The hostapd log:
----------------------------------------------------------------------------------------------------------------------
br0: STA 00:0f:1e:00:00:83 IEEE 802.1X: start authentication
br0: STA 00:0f:1e:00:00:83 IEEE 802.1X: unauthorizing port
br0: STA 00:0f:1e:00:00:83 IEEE 802.1X: EAP timeout
br0: STA 00:0f:1e:00:00:83 IEEE 802.1X: aborting authentication
br0: STA 00:0f:1e:00:00:83 IEEE 802.1X: EAP timeout
br0: STA 00:0f:1e:00:00:83 IEEE 802.1X: aborting authentication
br0: STA 00:0f:1e:00:00:83 IEEE 802.1X: unauthorizing port

The terminal 00:0f:1e:00:00:83 auth info can pass the nas device in the
environment without the management vlan, but failed in the management vlan
environment.

How to build 802.1x auth in the management vlan environment? Thank you very
much!!!