EAPOL multi-auth patch

Peter Dersén peter.dersen at axis.com
Thu Jun 7 23:44:38 PDT 2018


I'm working at Axis Communication AB in Lund, Sweden, as Software Engineer with customer related cases.

We have experienced problems during eap-tls authentications when many clients tries to use the same port
in a Cisco environment where the switch has been configured with a multi-auth option.

The problem occur when several clients sending authentication requests that are received by clients that
already have started their authentication sequence. The received packets from the other clients cause the
eapol state machine to enter the wrong state making the authentication fail.

Please check the attachment for further details.

We have used this patch for several years in many installations and have not seen any negative side effects.

Please give us your opinion and advice how we should proceed to push a solution into
wpa supplicant official codebase for future releases.

Best Regards,
Peter Dersén
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-802.1X-multi-auth-fix.patch
Type: application/octet-stream
Size: 2473 bytes
Desc: 0001-802.1X-multi-auth-fix.patch
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20180608/bc1ad512/attachment.obj>

More information about the Hostap mailing list