Using tokens for 802.1x auth

David Mitton david at
Thu Mar 24 14:48:32 CET 2011

The hotel authentication is typically not done using 802.1x.
Or it's simply a shared password.
The other piece is a gateway that typically traps your HTTP traffic
and forces another authentication before it will forward your traffic  
to the outside world.

Another EAP combination would be PEAP (any flavor) and GTC.
Cisco has that in their supplicant.

Their are free EAP supplicants out there for Windows.
Cisco has a set for their cards and ACS, but they they do not require  
Cisco hw.

I would strongly look at this package:

There is a Windows build of the Linux supplicant

Juniper sells the former Funk Odyssy Access client that will do TTLS.


Quoting stasheck <stasheck.fora at>:

> 2011/3/24 Phil Mayers <p.mayers at>:
>> On 03/24/2011 08:37 AM, stasheck wrote:
>>> For WiFi, we are using H3C WX30xx Access Controllers, which try to use
>>> EAP, which in turn doesn't provide clear-text password that could be
>>> used for cerb exec.
>> It depends on your EAP methods.
>> EAP-PEAP/MSCHAP (the only useful EAP method built into windows clients)
>> won't work, as you've discovered; there are no plaintext passwords.
>> EAP-TTLS/PAP will work fine, but isn't supported on windows without external
>> software.
> OK, so maybe I should just scratch this idea? So there's another:
> some time ago I was in a hotel that granted access to it's WiFi
> network using one-time user/pass combo, issued on a piece of paper at
> the reception, valid for 24 hours. Could something like this be done
> with Freeradius? (and yes, I looked on google and, but
> I don't even have an idea how this auth mode is called, and frankly
> I'm not even sure it was 802.1x - all I know is that it worked on my
> laptop with Win7).
> /br
> Stan
> -
> List info/subscribe/unsubscribe? See   

More information about the Freeradius-Users mailing list