802.1X Cofiguration query - can 802.1X authentication be optional?

lloyd lloyd at bristolwireless.net
Tue Sep 19 13:11:28 EDT 2006

We provide a community wireless network across much of our city.  We
promote open source and refuse to use anything but.

We are looking at implementing an authentication system and have some
queries regarding HostAPd's 802.1X implementation.

Basically we want to run 802.1X alongside traditional WLAN user
authentication systems such as NoCat, WifiDog etc which run at the
transport level.  As such we need to make 802.1X authentication 'optional'
where failed connections are redirected to a different vlan.  We can then
run NoCat or whatever on traffic from this vlan.

An example of this in the proprietary world would be the

"auth-fail-action restricted-vlan"

configuration directive found on Foundry routers and switches (see
http://www.foundrynet.com/services/documentation/srcli/8021X_cmds.html for
notes here).

Basically we're looking to implement this proprietary feature in Open
Source on a wireless AP, however I cannot see anything in HostAPd
configuration to allow it.  Any thoughts/comments on this would be

BristolWireless Infrastructure

More information about the HostAP mailing list