Using hostapd behind the AP (on the wired side)

[Bryan J. Smith]

All:  

Totally new to the project, so I'll post short in case
someone else has already asked this.

I'm kinda interested in using hostapd on a system "behind the
AP" (on the wired) offering what it can.

- Serve out [dynamic] WEP key to WAP-capable STA, when AP is
WEP-only.  Use this "behind the AP" box so WEP keys can be
served out via hostapd to WAP/11i-capable STAs, when the AP
only does WEP (would 802.1X/WAP/11i frames still go through
the AP to this box?).  The box will also handle resetting the
WEP on the AP (e.g., http post if we have to ;-).

- Offer Radius authentication to non-standard APs and/or STA
that can have a radius client.  As an option for some newer
mesh networks and their APs/STAs (which are still very
proprietary).

- Last resort blocking (box as a wired bridge):  Even though
a station might associate with an "open system" AP that isn't
WPA/11i-capable, we could block "behind the AP" at the wire,
if a STA does not clear WPA/11i authentication (again, can
802.1X/WAP/11i from a STA reach "behind the AP"?).

Ultimate we're looking to build an AP with hostAP in it, of
course.

But for now, we're looking to offer this "behind the AP"
capability.  Just curious if this is a route worth looking
at.
Thanx.


-- 
Bryan J. Smith                | Sent from Yahoo Mail
mailto:b.j.smith at ieee.org     |  (please excuse any
http://thebs413.blogspot.com/ |   missing headers)