Using wpa_supplicant and hostapd over Wired LAN for EAP-SIM

Chaudry Chaudry novalystitag
Mon Sep 10 06:44:10 PDT 2012 

Hi Jouni,
Any pointer/hint regarding the below discussion will be appreciated.

BR,
A.Chaudry

On Fri, Sep 7, 2012 at 5:42 PM, Chaudry Chaudry <novalystitag at gmail.com>wrote:

> Hi Jouni,
> Thanks for the quick response. Actually, the main idea of sending EAPOL
> packets over UDP is that I want to map the access layer authentication
> mechanism to application layer (just like to mimic the concept of WISPr
> which does for example the eap packets handling over the  application
> layer). The main requirement of  using the hostapd as switch/wireless AP is
> to avoid the real hardware and have software based authenticator /Radius
> Client.
>
> I have found one more link where wpa_supplicant and hostapd are tested on
> wired LAN for EAP-PEAP.
>
> http://inl.info.ucl.ac.be/blogs/08-10-01-sample-configurations-hostapd-and-wpa-supplicant-make-it-work-wired-connection
>
> Can we try the same thing with EAP-SIM where:
> wpa_supplicant (supplicant) <--> hostapd (authenticator + AAA Server)
>
> I have also played with the eapol_test, but it combines the supplicant and
> Radius Client. I am trying to use the wpa_supplicant as EAP-Peer and
> hostapd as EAP-Authenticator (standalone or with co-located AAA Server). If
> hostapd is used as EAP-Authenticator only, then it is flexible to use it
> with external AAA Server e.g. FreeRadius.
>
> wpa_supplicant (supplicant) <--> hostapd (authenticator) <----> FreeRadius
> (AAA Server)
>
> Any suggestions for that.
>
> BR,
> A.Chaudry
>
>
>
> On Fri, Sep 7, 2012 at 4:25 PM, Jouni Malinen <j at w1.fi> wrote:
>
>> On Fri, Sep 07, 2012 at 02:19:54PM +0200, Chaudry Chaudry wrote:
>>
>> > I am planning to use wpa_supplicant and hostapd on the wired LAN for
>> > EAP-SIM testing.
>>
>> > *CONFIG_CTRL_IFACE_UDP=y*
>> >
>> >
>> > Normally the EAPOL packets are transported between authenticator and
>> > supplicant and they are encapsulated within Ethernet frames directly.
>> Now
>> > from the above parameter, are we changing the control interface to UDP
>> over
>> > which the EAPOL packets are encapsulated first or what?
>>
>> No, that has nothing to do with EAPOL - it control which communication
>> mechanism is used with the control interface that wpa_supplicant
>> provides for external programs like wpa_cli.
>>
>> > In the
>> > wpa_supplicant and hostapd, is it possible to send the eapol packets
>> over
>> > UDP between EAP-Peer and authenticator ?
>>
>> No, that is not supported. Why would you want to send EAPOL packets over
>> UDP?
>>
>> > Secondly, is it possible to use the hostapd as switch (authenticator)
>> > instead of real switch for EAP-SIM testing over wired LAN.  From the
>> > documentation, it can be guessed that hostapd can be configured as
>> > standalone switch as well. Did anybody try that so far?
>>
>> While it would be possible to implement a managed wired switch with
>> hostapd used as the authenticator, this would require additional
>> components to control the IEEE 802.1X port to block frames.
>>
>> Do you have a particular reason for running this over wired LAN and to
>> do that with full IEEE 802.1X capable switch design? What exactly are
>> you trying to test? If you are just looking for a test setup for EAP-SIM
>> testing, there are much simpler ways of doing that with hostapd and
>> wpa_supplicant (or eapol_test for that matter).
>>
>> --
>> Jouni Malinen                                            PGP id EFC895FA
>> _______________________________________________
>> HostAP mailing list
>> HostAP at lists.shmoo.com
>> http://lists.shmoo.com/mailman/listinfo/hostap
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20120910/3e969b6c/attachment.htm

More information about the Hostap mailing list