Re: 802.1x Problems


From: Lei chuanhua (ch_lei_at_powermatic.com.sg)
Date: 2002-10-10 00:29:37 UTC


>> 2. Unicast packets. 802.1x supplicant will be authenticated to
>> RADIUS server via AP. If successful, supplicant will get one WEP key. At the
>> same time, RADIUS server will send one same WEP key copy to AP. So if
>> there are many 802.1x supplicants, AP will keep every supplicant WEP key
>> for encryption and decryption. HostAP will do it easily because it uses
>> host encryption and can receive and transmit multiple keys.
>>
>> Now my question is, if we use firmware-based AP, and we can't use
>> host encryption (most vendors except Intersil). How does it process
>> multiple keys? In general, firmware-based AP can only process one
>> key (determined by key index). But in the market, I have seen so many
>> vendors support 802.1x, and most of them use firmware-based AP. I guess
>> that firmware-based AP will do it like HostAP with 802.1x support. But I
>> am not sure.

Many firmware versions allow for per-client keys (key mapping keys they're called -- this has been part of the 802.11 spec for a long time, even if it was not always used or implemented by everybody), though the way to do that may not be documented (for the general public at least). Even Intersil has a RID to set those keys (FC29 iirc), it's just not clear whether that works in all cases or only if tertiary (ap) firmware is present, or how it works (the format of the data to provide).    

In fact, Agere (previously Orinoco) wireless cards don't support keymapping, but its AP 2000 and other series of wireless products indeed support 802.1x. Does anyone know how it implemented 802.1x in principle? I just need some light on the concept of the Orinoco AP. I suspect the Orinoco AP firmware supports keymapping, but I asked their sales representative, who told me that they don't support keymapping. So I am confused...

          Thanks very much
                      hualab
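
Added example (not part of the original message and not any vendor's firmware or HostAP code): a Python sketch of how an AP can hold one key mapping key per authenticated station next to the four default keys, and pick the key for each received WEP frame. The class and function names, MAC addresses and key bytes are constructed for illustration.

```python
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:                             # keystream XOR data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encap(key: bytes, iv: bytes, key_id: int, plaintext: bytes) -> bytes:
    # Frame body: IV (3 bytes) | key ID in top two bits | RC4(data + CRC-32 ICV)
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return iv + bytes([key_id << 6]) + rc4(iv + key, plaintext + icv)

class ApKeyTable:
    """Hypothetical AP-side key store: default keys plus per-station keys."""
    def __init__(self, default_keys):
        self.default_keys = default_keys       # four shared keys, by key ID
        self.key_mapping = {}                  # station MAC -> per-station key

    def select_key(self, sta_mac: str, key_id: int) -> bytes:
        # A key mapping key for the station takes precedence over the
        # default key that the frame's key ID would otherwise select.
        return self.key_mapping.get(sta_mac, self.default_keys[key_id])

    def wep_decap(self, sta_mac: str, body: bytes):
        iv, key_id, cipher = body[:3], body[3] >> 6, body[4:]
        clear = rc4(iv + self.select_key(sta_mac, key_id), cipher)
        data, icv = clear[:-4], clear[-4:]
        ok = struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF) == icv
        return data if ok else None            # None: ICV check failed

# Constructed sample values (not from the thread).
STA_A, STA_B, STA_C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
ap = ApKeyTable([bytes([n]) * 5 for n in (1, 2, 3, 4)])
ap.key_mapping[STA_A] = bytes.fromhex("a1a2a3a4a5")  # e.g. delivered via RADIUS
ap.key_mapping[STA_B] = bytes.fromhex("b1b2b3b4b5")
```

A station with no entry in `key_mapping` (here `STA_C`) falls back to the default key named by the frame's key ID, which is the single-key behaviour the question describes.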

