Fwd: Re: 802.1x wired and hostapd

Michał Zegan webczat_200 at poczta.onet.pl
Thu Jun 18 14:23:27 EDT 2015


--- Forwarded message ---
Message-ID: <558307F0.5080702 at poczta.onet.pl>
Date: Thu, 18 Jun 2015 20:03:28 +0200
From: Michał Zegan <webczat_200 at poczta.onet.pl>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Jouni Malinen <j at w1.fi>
Subject: Re: 802.1x wired and hostapd
References: <55830203.30009 at poczta.onet.pl> <20150618174951.GA19484 at w1.fi>
In-Reply-To: <20150618174951.GA19484 at w1.fi>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

I am curious if there is going to be sufficient interest, considering
that someone may want to make a managed switch with Linux on it, and
then it would be really really nice if that would work, at least the
first thing.
About modifying ebtables I would prefer something like
connect/disconnect scripts, or really listening to events, especially
because of nftables, and maybe for other reasons, including people who
want full control over layout of their rules.
I am interested in all of that without a specific reason, I would even
happily play with a multiport Ethernet card or a few Ethernet cards
attached to a PC to create a software switch just for fun, but I do
not have any of those to ever try that.

On 2015-06-18 at 19:49, Jouni Malinen wrote:
> On Thu, Jun 18, 2015 at 07:38:11PM +0200, Michał Zegan wrote:
>> Hello. I am actually quite interested in one thing: how to 
>> implement 802.1x authenticated ethernet network using hostapd? 
>> First I know that hostapd does not detect if a cable has been 
>> plugged or unplugged from the interface, although I actually 
>> believe at least Linux makes it possible. Also, hostapd probably 
>> cannot block unauthenticated traffic, or can it?
> 
> Neither of those are currently supported. I'd assume it would be 
> possible to implement automatic trigger based on Ethernet link up 
> events. As far as blocking traffic is concerned (PAE), that could 
> be controlled, e.g., through ebtables rules. hostapd does not have 
> any code to do that, but it should be possible to use hostapd 
> ctrl_iface events to implement an external program (or a simple 
> shell script, for that matter) to do so. If there is sufficient 
> interest for either functionality, I would be open to adding those 
> into hostapd as well based on contributions.
> 
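
The external-script approach from the quoted reply, sketched as an added example that is not part of the original messages or of hostapd: an action script for `hostapd_cli -a` that turns ctrl_iface events into ebtables rules. It assumes the wired driver reports `AP-STA-CONNECTED` / `AP-STA-DISCONNECTED` for authorised supplicants; the `PAE_<ifname>` chain naming, the script path and the baseline ruleset are hypothetical.

```shell
#!/bin/sh
# Added example, not hostapd code. Assumed invocation:
#   hostapd_cli -i eth1 -a /usr/local/sbin/pae-action.sh   (path is hypothetical)
# hostapd_cli runs the action script as: <script> <ifname> <event> <mac>
# Assumed baseline, created elsewhere, so the port fails closed:
#   ebtables -N PAE_eth1 -P DROP
#   ebtables -A FORWARD -i eth1 -j PAE_eth1
# PAE_<ifname> is a hypothetical chain naming scheme.

EBTABLES="${EBTABLES:-ebtables}"

# Strict MAC syntax check done in the shell itself, so embedded newlines or
# extra words can never pass and reach the ebtables command line.
is_mac() {
    h='[0-9A-Fa-f][0-9A-Fa-f]'
    case "$1" in
        $h:$h:$h:$h:$h:$h) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 1 for ignored events, 2 for rejected input, else the ebtables status.
pae_apply() {
    ifname=$1; event=$2; mac=$3
    case "$ifname" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 2 ;;
    esac
    is_mac "$mac" || { echo "bad MAC address" >&2; return 2; }
    mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
    chain="PAE_$ifname"
    case "$event" in
        AP-STA-CONNECTED)
            # Remove a stale copy first so repeated events never stack duplicates.
            "$EBTABLES" -D "$chain" -s "$mac" -j ACCEPT 2>/dev/null || true
            "$EBTABLES" -A "$chain" -s "$mac" -j ACCEPT ;;
        AP-STA-DISCONNECTED)
            "$EBTABLES" -D "$chain" -s "$mac" -j ACCEPT ;;
        *)  return 1 ;;   # other ctrl_iface events are not handled here
    esac
}

# Run only when invoked with the three action-script arguments.
if [ "$#" -eq 3 ]; then
    pae_apply "$1" "$2" "$3"
fi
```

Setting `EBTABLES` to a logging wrapper gives a dry run; the same event handling could drive nftables by swapping the three rule commands.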