hostapd + dhcpd (+ FreeRADIUS?) and two different kinds of clients
lev at serebryakov.spb.ru
Tue Sep 12 13:46:21 EDT 2006
Now I have simple WPA2 EAP-TLS only configuration and it works perfectly. But I need to add ability to `plug' some temporary clients with restricted access fast (without issuing certificates).
I see something like this scheme:
FreeBSD host-based AP (with help from hostapd, of course) with TWO modes of authorization, works in same time:
(1) WPA2 EAP-TSL
Cleint after authorization gots dynamic IP and firewall is updated with this IP _AND_ client MAC (it can be done with script, plugged to isc-dhcpd). IPs should be from differnet networks for trusted and untrusted cleints. DHCP lease should be forced to expire (and firewal updated as result, but it is not a problem, of course, as soon as dhcpd is informed) when client de-autorized in terms of WPA2 or after timeout.
It seems, that I need some interoperability between hostapd and dhcpd (may be, with help of FreeRADIUS). Is it possible?
Or, maybe, here is better solution?
Or, maybe, here is better list for this question?
Lev mailto:lev at serebryakov.spb.ru
More information about the HostAP