802.1X authenticator for FreeBSD

Wed Oct 18 17:03:13 UTC 2017

> Am 18.10.2017 um 18:35 schrieb Peter Ankerstål <peter at pean.org>:
> 
> 
> 
>> On 17 Oct 2017, at 22:27, Chris Ross <cross+freebsd at distal.com> wrote:
>> 
>> 
>> wpa_supplicant is the client we use at work, on Linux systems.  But, it’s also the tool described in the FreeBSD wireless configuration pages, so I know it can be used there.
>> 
>> I haven’t tried FreeBSD with wired 802.1x myself, but just a thought I had.
>> 
>>          - Chris
>> 
> Its my understanding that wpa_supplicant is actually a working client in FreeBSD. But I’m looking for the server side of this.
> 
> It would be just fine if it worked just like hostapd (control access of one nic) and dont have any control over switchports or whatever. Another nice way of doing it would be to have some sort of integration with authpf or pf itself.

I’m under the impression that the authenticator function in a wired network is usually part of the switch, and the switch will talk to some authentication server like RADIUS, giving it the port number of the connected device and additional information.

If FreeBSD had such a function, I think it would be limited to point-to-point Ethernet links, 802.1x being a link-layer protocol.

Stefan

--
Stefan Bethke <stb at lassitu.de>   Fon +49 151 14070811

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 529 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20171018/63706b17/attachment.sig>