Non-bridging access point

Jouni Malinen j
Sun Oct 12 09:24:34 PDT 2014


On Tue, Sep 30, 2014 at 05:13:38PM +0100, Richard Lewis wrote:
> One last bit of information is the output from hostapd which looks
> like this:

> wlan0: STA c:l:i:e:n:t IEEE 802.11: associated (aid 1)
> nl80211: Add STA c:l:i:e:n:t
> WPA: Send EAPOL(version=2 secure=0 mic=0 ack=1 install=0 pairwise=1 kde_len=0 keyidx=0 encr=0)
> IEEE 802.1X: c:l:i:e:n:t TX status - version=2 type=3 length=95 - ack=1
> WPA: EAPOL-Key TX status for STA c:l:i:e:n:t ack=1

That seems to imply that hostapd is able to transmit EAPOL frames and
the station is receiving them.

> wlan0: STA c:l:i:e:n:t WPA: EAPOL-Key timeout

And that would indicate that the response from the station (if one was
sent) was not received by hostapd. Assuming the station is indeed
replying, something on the AP side (driver, network stack, etc.) is
dropping the EAPOL-Key frame before it reaches hostapd.

> I can see quite a few "EAPOL-Key timeout" messages. And then there's
> this "hostapd_wpa_auth_disconnect: WPA authenticator requests
> disconnect ... reason 2". Are these indicative of anything?

It would sound like there is something wrong in delivering EAPOL-Key
messages (or well, alternatively, the station side does not send those).

> I was just trying to investigate whether this might be related to not
> having a bridge
> configured. <http://madwifi-project.org/wiki/UserDocs/HostAP> has the
> following to say:
> 
> > If you're bridging between the wireless and wired (ie using brctl),
> > you must add a line such as:
> > 
> >   bridge=br0
> > 
> > or whatever the bridge name you are using to the config file, or the
> > WPA key exchange packets will get eaten by the bridge.

That used to be the most common reason for EAPOL frames not received at
hostapd.

> Might this be relevant? Should I try and set up some sort of dummy
> bridge?

Well, as long as you do not have wlan0 added into a bridge, that would
not apply here.

> I also notice from the example hostapd.conf file,
> 
> > If the bridge parameter is not set, the drivers will automatically
> > figure out the bridge interface (assuming sysfs is enabled and
> > mounted to /sys) and this parameter may not be needed.
> 
> Could this be happening? Could it be creating a bridge interface and
> then timing out trying to get a response from it?

hostapd won't do that, but if something else in the system adds wlan0 to
a bridge, it will break things in this way. You can check for that with
"brctl show" after having starting hostapd.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list