Date:      Sat, 21 Oct 2017 17:45:39 +0200
From:      Peter Blok <pblok@bsd4all.org>
To:        Peter Ankerstål <peter@pean.org>
Cc:        Charles Sprickman <spork@bway.net>, FreeBSD Stable <freebsd-stable@freebsd.org>, Stefan Bethke <stb@lassitu.de>, Chris Ross <cross+freebsd@distal.com>
Subject:   Re: 802.1X authenticator for FreeBSD
Message-ID:  <90C2260F-D7E1-4EF6-824C-EA90C09F0B82@bsd4all.org>
In-Reply-To: <82E419D4-4FB4-402A-ACC9-C58D498461BE@pean.org>
References:  <C34FB467-C2DB-4B59-9DD2-2491E7A136F1@pean.org> <AE175682-AD2B-4DAC-AF4C-3B6F3CDB7449@distal.com> <2D461E1D-895F-4D31-9834-A40DEF02F121@pean.org> <4F45AC20-57F9-4246-836E-4F1C1D01FAC2@lassitu.de> <2B2D49E0-F804-4557-9DB5-A915A8578070@pean.org> <3F040A9B-B03F-4FD5-B1DC-70BD8AFCC829@bway.net> <82E419D4-4FB4-402A-ACC9-C58D498461BE@pean.org>

Although WPA2 enterprise authentication works perfectly on FreeBSD with free radius, some functionality (like the built in DHCP) is not implemented due to lack of PF_LINK, SOCK_RAW. FreeBSD uses bpf for this.

Don’t know if this is required for what you want, but be aware.

I am interested in switch port authentication, but haven’t found the time to dig into the matter. And I refuse to use Linux….

Peter

> On 20 Oct 2017, at 07:32, Peter Ankerstål <peter@pean.org> wrote:
>
>> On 18 Oct 2017, at 21:39, Charles Sprickman <spork@bway.net> wrote:
>>
>>> On Oct 18, 2017, at 1:10 PM, Peter Ankerstål <peter@pean.org> wrote:
>>>
>>>> I’m under the impression that the authenticator function in a wired network is usually part of the switch, and the switch will talk to some authentication server like RADIUS, giving it the port number of the connected device and additional information.
>>>>
>>>> If FreeBSD had such a function, I think it would be limited to point-to-point Ethernet links, 802.1x being a link-layer protocol.
>>>>
>>>
>>> Yes I know, but this is functional in hostapd for Linux and it would be nice to have it in FreeBSD as well.
>>
>> I’m not seeing this in FreeBSD, but pfsense does claim to support 802.1x for wifi.
>>
>> I just happen to be reading about radius (last I used it was for dialup) for wifi auth and the quick overview on the radius side of things is that the AP software sends your auth info as well as MAC and a bunch of other stuff, and the radius server (much like dialup) sends back all sorts of info beyond auth success/fail - session timeout, info on what VLAN the client may be on, firewall policies, etc. Pretty cool stuff.
>
> 802.1X (or WPA2 Enterprise) works fine with hostapd for wireless in FreeBSD. Well, the authentication at least. I haven't tried assigning clients to specific vlans and so on but according to the documentation it is possible.



