802.1X Cofiguration query - can 802.1X authentication be optional?

lloyd lloyd
Sun Oct 1 15:23:38 PDT 2006


On Wed, 27 Sep 2006, Jouni Malinen wrote:
> On Tue, Sep 19, 2006 at 06:11:28PM +0100, lloyd wrote:
>
> > Basically we want to run 802.1X alongside traditional WLAN user
> > authentication systems such as NoCat, WifiDog etc which run at the
> > transport level.  As such we need to make 802.1X authentication 'optional'
> > where failed connections are redirected to a different vlan.  We can then
> > run NoCat or whatever on traffic from this vlan.
>
> > Basically we're looking to implement this proprietary feature in Open
> > Source on a wireless AP, however I cannot see anything in HostAPd
> > configuration to allow it.  Any thoughts/comments on this would be
> > useful.
>
> This is not yet supported by the open source hostapd. However, I'm in
> the process of merging in support for dynamic VLANs into hostapd from
> Devicescape tree. This does not yet provide the exact functionality that
> you are asking for here, but it provides the basics needed for
> supporting dynamic selection of VLAN based on RADIUS server response.
> The only needed addition would be to add a configuration option that
> maps access rejects to a specific VLAN ID. This should be easy to add
> once the core functionality for dynamic VLANs is merged in.

Hi Jouni,

Thanks for your response, and the good news.  Are you able to provide some
sort of timescale for this?

Many thanks for the development effort.

-l




More information about the Hostap mailing list