Using wpa_supplicant and hostapd over Wired LAN for EAP-SIM
Mon Sep 10 06:44:10 PDT 2012
Any pointer/hint regarding the below discussion will be appreciated.
On Fri, Sep 7, 2012 at 5:42 PM, Chaudry Chaudry <novalystitag at gmail.com>wrote:
> Hi Jouni,
> Thanks for the quick response. Actually, the main idea of sending EAPOL
> packets over UDP is that I want to map the access layer authentication
> mechanism to application layer (just like to mimic the concept of WISPr
> which does for example the eap packets handling over the application
> layer). The main requirement of using the hostapd as switch/wireless AP is
> to avoid the real hardware and have software based authenticator /Radius
> I have found one more link where wpa_supplicant and hostapd are tested on
> wired LAN for EAP-PEAP.
> Can we try the same thing with EAP-SIM where:
> wpa_supplicant (supplicant) <--> hostapd (authenticator + AAA Server)
> I have also played with the eapol_test, but it combines the supplicant and
> Radius Client. I am trying to use the wpa_supplicant as EAP-Peer and
> hostapd as EAP-Authenticator (standalone or with co-located AAA Server). If
> hostapd is used as EAP-Authenticator only, then it is flexible to use it
> with external AAA Server e.g. FreeRadius.
> wpa_supplicant (supplicant) <--> hostapd (authenticator) <----> FreeRadius
> (AAA Server)
> Any suggestions for that.
> On Fri, Sep 7, 2012 at 4:25 PM, Jouni Malinen <j at w1.fi> wrote:
>> On Fri, Sep 07, 2012 at 02:19:54PM +0200, Chaudry Chaudry wrote:
>> > I am planning to use wpa_supplicant and hostapd on the wired LAN for
>> > EAP-SIM testing.
>> > *CONFIG_CTRL_IFACE_UDP=y*
>> > Normally the EAPOL packets are transported between authenticator and
>> > supplicant and they are encapsulated within Ethernet frames directly.
>> > from the above parameter, are we changing the control interface to UDP
>> > which the EAPOL packets are encapsulated first or what?
>> No, that has nothing to do with EAPOL - it control which communication
>> mechanism is used with the control interface that wpa_supplicant
>> provides for external programs like wpa_cli.
>> > In the
>> > wpa_supplicant and hostapd, is it possible to send the eapol packets
>> > UDP between EAP-Peer and authenticator ?
>> No, that is not supported. Why would you want to send EAPOL packets over
>> > Secondly, is it possible to use the hostapd as switch (authenticator)
>> > instead of real switch for EAP-SIM testing over wired LAN. From the
>> > documentation, it can be guessed that hostapd can be configured as
>> > standalone switch as well. Did anybody try that so far?
>> While it would be possible to implement a managed wired switch with
>> hostapd used as the authenticator, this would require additional
>> components to control the IEEE 802.1X port to block frames.
>> Do you have a particular reason for running this over wired LAN and to
>> do that with full IEEE 802.1X capable switch design? What exactly are
>> you trying to test? If you are just looking for a test setup for EAP-SIM
>> testing, there are much simpler ways of doing that with hostapd and
>> wpa_supplicant (or eapol_test for that matter).
>> Jouni Malinen PGP id EFC895FA
>> HostAP mailing list
>> HostAP at lists.shmoo.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Hostap