Wired -802.1x authentication

Scott Armitage s.p.armitage at scottarmitage.eu
Tue Dec 9 18:16:12 EST 2014


> On 9 Dec 2014, at 17:26, Sarah Thomas <sarah040.thomas at gmail.com> wrote:
> 
> Hi,
> 
> Would like to have 802.1x authentication on a wired setup, using wpa_supplicant, hostapd code
> 
> Wired setup - Supplicant connected via ethernet to Authenticator and Authenticator to radius server is anyways connected via ethernet
> 
> Current Setup I have: 3 Ubuntu laptops, one running wpa_supplicant, another running hostapd as Authenticator and 3rd one as radius server. 802.1x authentication goes through fine.
> 
> Hardware requirements:
> 
> Since Authenticator (laptop) has only one ethernet port, how do we achieve connecting it to supplicant and server?

I suppose it depends on what you are trying to achieve.  The simplest way is to use a switch which supports 802.1X authentication.  Why the requirement for a laptop to act as the NAS?

> Should we use a hub/Switch or something?

Using the laptop as the NAS with a hub / switch wouldn’t work.  You need something which can individually authenticate and authorise each port.  If you used the laptop as the NAS, then once one device authenticated, all ports on the switch / would be authorised (because there is no per port control).  Whilst I have not tried it, it may be possible to use hostapd on a device running OpenWRT to authorise / change the VLAN assignment for individual ports.

Whilst it sounds like a fun way to waste some hours (getting OpenWRT to do per port authorisations using hostapd as the authenticator), personally, I’d just get a cheap switch which can do 802.1X (perhaps I’m just lazy).  Depends what you want to do, but for a small simple setup something like a Cisco SG 200-08 8-port or HP 1910-8G should do the trick.


Regards

Scott Armitage
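
The per-port control point made in the reply above, as an added example that is not part of the original message and is not hostapd code: a toy Python model comparing a single-port NAS behind a hub with a switch that keeps 802.1X state per port. Class names, function names and station labels are hypothetical and constructed for illustration.

```python
# Toy model of 802.1X port-based access control (added illustration).
from dataclasses import dataclass

EAPOL = 0x888E  # EtherType for EAP over LAN (IEEE 802.1X)
IPV4 = 0x0800   # ordinary data traffic

@dataclass
class Frame:
    src: str        # constructed station label, stands in for a MAC
    ethertype: int

class ControlledPort:
    """Authorization state is held per physical port, not per station."""
    def __init__(self):
        self.authorized = False

    def eap_success(self):
        # The RADIUS server accepted a supplicant seen on this port.
        self.authorized = True

    def admit(self, frame):
        # EAPOL is always passed to the authenticator (uncontrolled port);
        # all other traffic needs the controlled port to be authorized.
        return frame.ethertype == EAPOL or self.authorized

class HubBehindNas:
    """Laptop NAS with one Ethernet port; all stations share it via a hub."""
    def __init__(self, stations):
        self.port = ControlledPort()
    def port_for(self, station):
        return self.port          # every station maps to the same port

class PerPortSwitch:
    """802.1X-capable switch: one controlled port per attached station."""
    def __init__(self, stations):
        self.ports = {s: ControlledPort() for s in stations}
    def port_for(self, station):
        return self.ports[station]

def data_admitted(nas_cls, stations, authenticated):
    """Authenticate some stations, then report whose data frames pass."""
    nas = nas_cls(stations)
    for s in authenticated:
        nas.port_for(s).eap_success()
    return {s: nas.port_for(s).admit(Frame(s, IPV4)) for s in stations}

if __name__ == "__main__":
    for cls in (HubBehindNas, PerPortSwitch):
        print(cls.__name__, data_admitted(cls, ["A", "B"], ["A"]))
```
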


