hostapd authenticator for MKA

Alan Carr alan.m.carr at
Sun Apr 7 17:25:21 PDT 2019

Hi all,

I was searching around and I just wanted to confirm that right now MKA for
MACSEC is not supported under hostapd as the authenticator.
I took a git clone and tried using eapol_version=3 with hostapd to match the
requirement for wpa_supplicant but it appears to not be supported:


./hostapd -dd -i enp2s0 wired_mka.conf
random: Trying to read entropy from /dev/random
Configuration file: wired_mka.conf
Line 15: invalid EAPOL version (3): '3'.
1 errors found in configuration file 'wired_mka.conf'
Failed to set up interface with wired_mka.conf
hostapd_init: free iface 0x1be7600
Failed to initialize interface


Is the only way to use MKA on two Linux machines to used shared CAK/CKN via
two wpa_supplicants?
Obviously excluding any proprietary MKA stacks that are out there.
My goal was to use hostapd as the authenticator with a local radius support,
and authenticate one or more client/wpa_supplicants for MACSEC using MKA.


More information about the Hostap mailing list