[Open1x-xsupplicant] Connecting to hostap with WEP enabled

Jouni Malinen jkmaline
Wed Mar 24 19:31:32 PST 2004

On Wed, Mar 24, 2004 at 09:55:19PM -0500, Pavel Roskin wrote:

> hostapd.conf without comments:

> ieee8021x=1
> minimal_eap=1
> wep_key_len_broadcast=5
> wep_key_len_unicast=5

minimal_eap should be fine for testing IEEE 802.1X authentication, but
you cannot use it to generate WEP keys, so this is not going to work..
Anyway, the problem you report below is happens during authentication,
so this might be enough. Anyway, you should really remove those
wep_key_len variables if you are using minimal_eap. You will need to use
external RADIUS server for WEP keying.

> On the AP side, I run ethereal in non-promiscuous mode on wlan0ap.  For
> some reason, Ethereal sees beacons form all surrounding APs, so they are
> filtered out in Ethereal.

I would recommend using wireless sniffer to verify what actually
happens.. wlan0ap should include those frames, but they can be dropped
in the driver.

> wifi0: TX: IEEE 802.1X - passing unencrypted EAPOL frame
> wifi0: WEP decryption failed (not set) (SA=00:40:36:01:7a:bf)

The client is encryptng the EAPOL pakcets (with which key???). This is
incorrect. With IEEE 802.1X, all EAPOL packets are sent unencrypted
(note that WPA changes this).

> As I understand it, either xsupplicant should not encrypt its response
> using keys from zeroes, or hostap should use the zero key for the stations
> without WEP key set.  I haven't tried either yet.

The client side driver needs to be fixed to not encrypt EAPOL packets
when in IEEE 802.1X mode even if WEP keys are configured.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list