Enforce Security - 802.1x

[Ben]

Hi,

[WPA2 - EAP-TLS with integrated Radius & EAP Server ON]
I am using hostapd for a long time and now I am testing multiple 
options, everything is working expect three things :

-I am seeing that Authentication Algorithm needs to be open for 802.1x 
so it seems that I need to use auth_alg=0 but it is only working with 
auth_alg=3.
Is someone can explain to me why ? I think 3 would be to accept both 
(802.1x and Shared key), but I would like to force it to 802.1x only..

-i80211w : I am able to join my network through an Android but 
impossible with an iPhone, anyone had been able to test it and make it work?
As soon as I required it (ieee8021w=2) I am get into an issue to connect 
(log saying that I am authenticated but no more message after this)

-Someone can explain to me the role of Key Management Algorithms?
I am trying to change from WPA-EAP to WPA-EAP-SHA256 but as soon as I do 
that my computer being confused and detects my wireless network as a 
normal WPA2 network and not a 802.1x anymore...
Is there pre-requesite to make it work properly?

Many thanks for your help :-)

belette
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shmoo.com/pipermail/hostap/attachments/20150115/38b249f2/attachment.htm>