Fwd: Re: 802.1x wired and hostapd
michael-dev at fami-braun.de
Thu Jun 18 16:27:16 EDT 2015
Recent Linux kernels have a macvlan source mode that allows remote MAC
addresses to be assigned to a virtual network interface. This can be
used to implicitly authorize clients and even assign them to VLANs.
I'm running a custom hostapd driver that uses macvlan source mode that I
can share if there is interest. They depend on libnl changes that add
macvlan source mode support to libnl.
On 18.06.2015 at 20:23, Michał Zegan wrote:
> --- Forwarded message content ---
> Message-ID: <558307F0.5080702 at poczta.onet.pl>
> Date: Thu, 18 Jun 2015 20:03:28 +0200
> From: Michał Zegan <webczat_200 at poczta.onet.pl>
> To: Jouni Malinen <j at w1.fi>
> Subject: Re: 802.1x wired and hostapd
> References: <55830203.30009 at poczta.onet.pl> <20150618174951.GA19484 at w1.f
> In-Reply-To: <20150618174951.GA19484 at w1.fi>
> I am curious if there is going to be sufficient interest, considering
> that someone may want to make a managed switch with Linux on it, and
> then it would be really really nice if that would work, at least the
> first thing.
> About modifying ebtables, I would prefer something like
> connect/disconnect scripts, or really listening to events, especially
> because of nftables, and maybe for other reasons, including people who
> want full control over the layout of their rules.
> I am interested in all of that without a specific reason. I would even
> happily play with a multiport Ethernet card or a few Ethernet cards
> attached to a PC to create a software switch just for fun, but I do
> not have any of those to ever try that.
> On 2015-06-18 at 19:49, Jouni Malinen wrote:
>> On Thu, Jun 18, 2015 at 07:38:11PM +0200, Michał Zegan wrote:
>>> Hello. I am actually quite interested in one thing: how to
>>> implement 802.1x authenticated ethernet network using hostapd?
>>> First I know that hostapd does not detect if a cable has been
>>> plugged or unplugged from the interface, although I actually
>>> believe at least Linux makes it possible. Also, hostapd probably
>>> cannot block unauthenticated traffic, or can it?
>> Neither of those is currently supported. I'd assume it would be
>> possible to implement automatic trigger based on Ethernet link up
>> events. As far as blocking traffic is concerned (PAE), that could
>> be controlled, e.g., through ebtables rules. hostapd does not have
>> any code to do that, but it should be possible to use hostapd
>> ctrl_iface events to implement an external program (or a simple
>> shell script, for that matter) to do so. If there is sufficient
>> interest for either functionality, I would be open to adding those
>> into hostapd as well based on contributions.
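The external-script approach described in the thread (ctrl_iface events driving ebtables rules), as an added example that is not part of the original messages or of hostapd. It is written as an action script for `hostapd_cli -a`, which calls it as `<script> <ifname> <event> <mac>`. Assumptions: 802.1X authorization on the wired port shows up as AP-STA-CONNECTED / AP-STA-DISCONNECTED events, the port is a bridge member, and the interface name `eth1` and the MAC address are constructed sample values.

```shell
#!/bin/sh
# Added example: per-MAC port control from hostapd events via ebtables.
# Assumed one-time setup (default deny for the authenticated port):
#   ebtables -A FORWARD -i "$port" -j DROP
# DRY_RUN=1 (the default here) prints the command instead of running it.
DRY_RUN="${DRY_RUN:-1}"

# Accept only a strict aa:bb:cc:dd:ee:ff address; anything else (spaces,
# newlines, extra options) must never reach the ebtables command line.
valid_mac() {
    case "$1" in *[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Accept only plain interface names: non-empty, no leading dash, <= 15 chars.
valid_ifname() {
    case "$1" in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# Map one event to the ebtables command that opens or closes the port for
# that source MAC. Prints the command; returns 2 on bad input, 1 if unhandled.
pae_rule() {
    ifname=$1 event=$2 mac=$3
    valid_ifname "$ifname" || return 2
    valid_mac "$mac" || return 2
    case "$event" in
        AP-STA-CONNECTED)    op=-I ;;   # authorized: insert ahead of the DROP
        AP-STA-DISCONNECTED) op=-D ;;   # gone or deauthorized: remove exception
        *) return 1 ;;
    esac
    printf 'ebtables %s FORWARD -i %s -s %s -j ACCEPT\n' "$op" "$ifname" "$mac"
}

# Entry point: build the rule, then print it (dry run) or apply it.
main() {
    cmd=$(pae_rule "$@") || return $?
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$cmd"; else $cmd; fi
}

# With no arguments, handle two constructed sample events.
if [ $# -eq 0 ]; then
    main eth1 AP-STA-CONNECTED 02:00:00:00:00:01
    main eth1 AP-STA-DISCONNECTED 02:00:00:00:00:01
else
    main "$@"
fi
```

Source-MAC filtering only binds traffic to an address that completed authentication; it does not stop another device on the same port from reusing that MAC.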