802.1x wired and hostapd
Thu Jun 18 11:38:15 PDT 2015
-----BEGIN PGP SIGNED MESSAGE-----
Switches and routers usually do switching in hardware, not using linux
About those sta events, actually not sure what about eap logoff. a
station should be deauthorized immediately after a cable is removed.
although such a command may exist too, right?
W dniu 2015-06-18 o 20:33, Jouni Malinen pisze:
> On Thu, Jun 18, 2015 at 08:03:28PM +0200, Micha? Zegan wrote:
>> I am curious if there is going to be sufficient interest,
>> considering that someone may want to make a managed switch with
>> linux on it, and then it would be really really nice if that
>> would work, at least the first thing.
> I'm not sure. This has come up every now and then (maybe once a
> year or so)..
>> About modifying ebtables I would prefer something like
>> connect/disconnect scripts, or really listening to events,
>> especially because of nftables, and maybe for other reasons,
>> including people who want full control over layout of their
>> rules. I am interested in all of that without a specific reason,
>> I would even happily play with a multiport ethernet card or few
>> ethernet cards attached to a pc to create a software switch just
>> for fun, but I do not have any of those to ever try that.
> That should be doable already with the current hostapd version.
> hostapd sends AP-STA-CONNECTED and AP-STA-DISCONNECT event messages
> on the control interface whenever a station gets
> authorized/unauthorized. That message includes the MAC address of
> the station.
> NEW_STA control interface command can be used to trigger EAPOL
> authentication based on link up events detected by an external
> If you are interested in getting a convenient test setup for this,
> some of the OpenWrt compatible APs with an integrated 4-5 port
> switch are likely to provide sufficient control to the Linux driver
> to implement something like this. This may require some fine-tuning
> of the bridge parameters and/or the driver to change default mode
> in which those are normally used with one WAN port and four LAN
> ports with hardware switching, but anyway, the actual hardware
> components are likely to support full software control.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
More information about the Hostap