IEEE 802.1x with dynamic WEP doesn't work in hostapd CVS
Jouni Malinen
jkmaline
Fri Nov 12 18:42:11 PST 2004
On Fri, Nov 12, 2004 at 04:39:38PM -0500, Andrew Barr wrote:
> I upgraded my AP to the latest HostAP CVS trying to resolve a WPA issue that
> now appears to be the fault of the driver (or operator) ;-). Failing to
> resolve the issue, I configured my AP to use IEEE 802.1x with dynamic WEP,
> and I could not authenticate. Running xsupplicant with -d9 for verbose
> debugging, I got this:
Could you please re-test with another client/supplicant?
> [ALL] Got Frame :
> 00 04 23 5E F9 21 00 0D - 88 50 C7 30 88 8E 02 00 ..#^.!...P.0....
> 00 05 01 00 00 05 01 .......
> [ALL] Got invalid EAPOL frame!
That frame looks correct.. Based on a quick look at xsupplicant source
code, it looks like the IEEE 802.1X/EAPOL version handling is done
incorrectly and it is dropping packets with version numbers creater than
1 even though the correct behavior for version 1 supplicant would be to
ignore the version number and process the frames as version 1 frames.
> Notice the invalid EAPOL frame message. Downgrading to the latest release
> (hostapd 0.2.5) immediately resolves the problem. Does the CVS version of
> hostapd work, or should I be sticking to stable releases here?
As far as I know, the CVS version works. The main difference between
0.2.x and 0.3.x is that 0.3.x is using newer version of EAPOL defined in
IEEE 802.1X-REV. This looks like a supplicant issue, so I would
recommend reporting this on xsupplicant mailing lists. You should also
be able to use wpa_supplicant which supports new EAPOL version number.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list