802.1x wired and hostapd

Jouni Malinen j at w1.fi
Thu Jun 18 13:49:51 EDT 2015

On Thu, Jun 18, 2015 at 07:38:11PM +0200, Michał Zegan wrote:
> Hello. I am actually quite interested in one thing: how to implement
> 802.1x authenticated ethernet network using hostapd?
> First I know that hostapd does not detect if a cable has been plugged
> or unplugged from the interface, although I actually believe at least
> linux makes it possible.
> Also, hostapd probably cannot block unauthenticated traffic, or it can?

Neither of those are currently supported. I'd assume it would be
possible to implement automatic trigger based on Ethernet link up
events. As far as blocking traffic is concerned (PAE), that could be
controlled, e.g., through ebtables rules. hostapd does not have any code
to do that, but it should be possible to use hostapd ctrl_iface events
to implement an external program (or a simple shell script, for that
matter) to do so. If there is sufficient interest for either
functionality, I would be open to adding those into hostapd as well
based on contributions.

Jouni Malinen                                            PGP id EFC895FA

More information about the HostAP mailing list