How to build 802.1x auth in the management vlan environment?
henry1412dj
Sat Jun 6 06:26:28 PDT 2009
I have used 802.1x auth with freeradius-2.1.3, hostapd-0.4.8 and wpa_supplicant-0.4.8 for a period of time, and it's running well.
The network framework was: radius server (freeradius)--cisco 3500 switch--a nas device (hostapd)--a terminal device (wpa_supplicant)--a computer. The terminal device could send an 802.1x auth request to the radius server through the nas device.
For safe management, we added the management vlan in the cisco 3500 switch, the nas device and the terminal device. The network framework has changed to this: radius server (freeradius)--(vlan trunk) cisco 3500 switch (vlan id 100)--a nas device (hostapd, vlan id 100)--a terminal device (wpa_supplicant, vlan id 100)--a computer. I can successfully ping the nas device from the terminal device before enabling 802.1x auth. When I enable the hostapd daemon in the nas device and enable the wpa_supplicant daemon in the terminal device, the auth info can't pass the nas device.
The hostapd log:
br0: STA 00:0f:1e:00:00:83 IEEE 802.1X: start authentication
br0: STA 00:0f:1e:00:00:83 IEEE 802.1X: unauthorizing port
br0: STA 00:0f:1e:00:00:83 IEEE 802.1X: EAP timeout
br0: STA 00:0f:1e:00:00:83 IEEE 802.1X: aborting authentication
br0: STA 00:0f:1e:00:00:83 IEEE 802.1X: EAP timeout
br0: STA 00:0f:1e:00:00:83 IEEE 802.1X: aborting authentication
br0: STA 00:0f:1e:00:00:83 IEEE 802.1X: unauthorizing port
The terminal 00:0f:1e:00:00:83 auth info can pass the nas device in the environment with no management vlan, but failed in the management vlan environment.
How to build 802.1x auth in the management vlan environment? Thank you very much!!!