3

Our device is a router running Linux 2.6.19 and we require 802.1x authentication for clients connecting to the built-in switch on the LAN side.

The switch does not provide any support for 802.1x. I have installed hostapd on the router which uses a RADIUS back-end, but this appears to be useless without the port authentication entity.

Is it possible to implement the Port Authentication Entity or similar feature in software?

Mike Pennington
  • 41,899
  • 19
  • 136
  • 174
Tom Salmon
  • 31
  • 1
  • 2
  • You will probably get better answers on [ServerFault](http://serverfault.com/); if you repost there, please delete this question. – Mike Pennington Jun 24 '11 at 16:12

1 Answers1

3

Yes this is possible. HostAPd has PAE built in. You may just have some configuration issues.

These guys were trying to get hostapd/freeradius to work with wired interfaces for 802.1x authentication.

Here is another possible resource for you

If you really wanted to role your own PAE, you'd have to hook into the netfilter stack at the kernel level and authenticate MACs entering the bridging stack before you forward their frames. See more about netfilter hooking at netfilter hooks

Steve Lazaridis
  • 2,210
  • 1
  • 15
  • 15