Using wpa_supplicant and hostapd over Wired LAN for EAP-SIM

Jouni Malinen j
Fri Sep 7 07:25:39 PDT 2012


On Fri, Sep 07, 2012 at 02:19:54PM +0200, Chaudry Chaudry wrote:

> I am planning to use wpa_supplicant and hostapd on the wired LAN for
> EAP-SIM testing.

> *CONFIG_CTRL_IFACE_UDP=y*
> 
> 
> Normally the EAPOL packets are transported between authenticator and
> supplicant and they are encapsulated within Ethernet frames directly. Now
> from the above parameter, are we changing the control interface to UDP over
> which the EAPOL packets are encapsulated first or what?

No, that has nothing to do with EAPOL - it control which communication
mechanism is used with the control interface that wpa_supplicant
provides for external programs like wpa_cli.

> In the
> wpa_supplicant and hostapd, is it possible to send the eapol packets over
> UDP between EAP-Peer and authenticator ?

No, that is not supported. Why would you want to send EAPOL packets over
UDP?

> Secondly, is it possible to use the hostapd as switch (authenticator)
> instead of real switch for EAP-SIM testing over wired LAN.  From the
> documentation, it can be guessed that hostapd can be configured as
> standalone switch as well. Did anybody try that so far?

While it would be possible to implement a managed wired switch with
hostapd used as the authenticator, this would require additional
components to control the IEEE 802.1X port to block frames.

Do you have a particular reason for running this over wired LAN and to
do that with full IEEE 802.1X capable switch design? What exactly are
you trying to test? If you are just looking for a test setup for EAP-SIM
testing, there are much simpler ways of doing that with hostapd and
wpa_supplicant (or eapol_test for that matter).

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list