Using hostapd behind the AP (on the wired side)
Tue Sep 27 00:31:26 PDT 2005
Am Dienstag, 27. September 2005 01:02 schrieb Bryan J. Smith:
> Totally new to the project, so I'll post short in case
> someone else has already asked this.
> I'm kinda interested in using hostapd on a system "behind the
> AP" (on the wired) offering what it can.
> - Serve out [dynamic] WEP key to WAP-capable STA, when AP is
> WEP-only. Use this "behind the AP" box so WEP keys can be
> served out via hostapd to WAP/11i-capable STAs, when the AP
> only does WEP (would 802.1X/WAP/11i frames still go through
> the AP to this box?). The box will also handle resetting the
> WEP on the AP (e.g., http post if we have to ;-).
Usually you use VPN-based approaches in this scenario. Why do you want to use
WPA? AFAIK WinXP is the first Win32 / Win64 actually supporting WPA - and
there are hardly any applications supporting non-PSK WPA shipped with wlan
cards. AFAIK wpa_supplicant/Win32 is in development and if you follow this
list, you'll find problems refering some cards.
> - Offer Radius authentication to non-standard APs and/or STA
> that can have a radius client. As an option for some newer
> mesh networks and their APs/STAs (which are still very
What is a "standard AP" in you opinion?
AFAIK freeradius is an independent project not covered by hostap.
> - Last resort blocking (box as a wired bridge): Even though
> a station might associate with an "open system" AP that isn't
> WPA/11i-capable, we could block "behind the AP" at the wire,
> if a STA does not clear WPA/11i authentication (again, can
> 802.1X/WAP/11i from a STA reach "behind the AP"?).
A lot of people use IPSec for these issues.
> Ultimate we're looking to build an AP with hostAP in it, of
So - why don't you do this?
I guess most people just get appropriate hardware and have less problems.
More information about the Hostap