802.1X authenticator for FreeBSD

[Peter Ankerstål]

> On 18 Oct 2017, at 21:39, Charles Sprickman <spork at bway.net> wrote:
> 
> 
>> On Oct 18, 2017, at 1:10 PM, Peter Ankerstål <peter at pean.org> wrote:
>> 
>>> 
>>> I’m under the impression that the authenticator function in a wired network is usually part of the switch, and the switch will talk to some authentication server like RADIUS, giving it the port number of the connected device and additional information.
>>> 
>>> If FreeBSD had such a function, I think it would be limited to point-to-point Ethernet links, 802.1x being a link-layer protocol.
>>> 
>> 
>> Yes I know, but this is functional in hostapd for Linux and it would be nice to have it in FreeBSD as well. 
> 
> I’m not seeing this in FreeBSD, but pfsense does claim to support 802.1x for wifi.
> 
> I just happen to be reading about radius (last I used it was for dialup) for wifi auth and the quick overview on the radius side of things is that the AP software sends your auth info as well as MAC and a bunch of other stuff, and the radius server (much like dialup) sends back all sorts of info beyond auth success/fail - session timeout, info on what VLAN the client may be on, firewall policies, etc. Pretty cool stuff.

802.1X (or WPA2 Enterprise) works fine with hostapd for wireless in FreeBSD. Well, the authentication at least. I havent tried assigning clients to specific vlans and so on but according to the documentation it is possible.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4193 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20171020/f579b054/attachment.bin>