Using hostapd behind the AP (on the wired side)

Jan Lühr listen
Tue Sep 27 00:31:26 PDT 2005


Am Dienstag, 27. September 2005 01:02 schrieb Bryan J. Smith:
> All:
> Totally new to the project, so I'll post short in case
> someone else has already asked this.
> I'm kinda interested in using hostapd on a system "behind the
> AP" (on the wired) offering what it can.
> - Serve out [dynamic] WEP key to WAP-capable STA, when AP is
> WEP-only.  Use this "behind the AP" box so WEP keys can be
> served out via hostapd to WAP/11i-capable STAs, when the AP
> only does WEP (would 802.1X/WAP/11i frames still go through
> the AP to this box?).  The box will also handle resetting the
> WEP on the AP (e.g., http post if we have to ;-).

Usually you use VPN-based approaches in this scenario. Why do you want to use 
WPA? AFAIK WinXP is the first Win32 / Win64 actually supporting WPA - and 
there are hardly any applications supporting non-PSK WPA shipped with wlan 
cards. AFAIK wpa_supplicant/Win32 is in development and if you follow this 
list, you'll find problems refering some cards.

> - Offer Radius authentication to non-standard APs and/or STA
> that can have a radius client.  As an option for some newer
> mesh networks and their APs/STAs (which are still very
> proprietary).

What is a "standard AP" in you opinion?

AFAIK freeradius is an independent project not covered by hostap.

> - Last resort blocking (box as a wired bridge):  Even though
> a station might associate with an "open system" AP that isn't
> WPA/11i-capable, we could block "behind the AP" at the wire,
> if a STA does not clear WPA/11i authentication (again, can
> 802.1X/WAP/11i from a STA reach "behind the AP"?).

A lot of people use IPSec for these issues.

> Ultimate we're looking to build an AP with hostAP in it, of
> course.

So - why don't you do this?
I guess most people just get appropriate hardware and have less problems.

Keep smiling

More information about the Hostap mailing list