EAP-TTLS/EAP-TLS with freeRADIUS

Phil Mayers p.mayers at imperial.ac.uk
Sun Nov 27 10:35:32 CET 2011


On 11/26/2011 11:49 PM, Mr Dash Four wrote:
>
>>> so it is, you can only protect your AP client with the shared secret
>>> key.
>>
>> Not necessarily. If the switch to which the WAP is connected supports
>> 802.1x, it could act as a NAS and authenticate the WAP with EAP/TLS.


> By WAP I take it you mean the wireless client, right? If so, this is

No. WAP == Wireless Access Point.

> indeed the case - the client will be a Linux-based device with
> wpa_supplicant and a driver which supports nl80211/cfg80211, so I can
> configure - at least on the client's part - EAP-TTLS/EAP-TLS
> authentication. My aim is to do the same on AP and RADIUS, which is the
> point of actually starting this thread as my "experience" with RADIUS is
> nil.

So you keep saying. I note however that it doesn't stop you from making 
judgements on its security, and you're getting a lot of stick for that 
(from me and others).

Seriously - it's good you want to learn. But why not do that first, then 
ask questions based on the knowledge you've acquired and, hopefully, 
understood? If you're missing basic terms like "WAP" i.e. a Wireless 
Access Point, then I've got to say, you've got some work to do on the 
fundamentals...

In brief, Ian was suggesting it's possible for the wireless AP to act as 
an 802.1x client to the upstream ethernet switch (if that's the 
topology). This is correct, but not IMO relevant to your concerns 
(however misguided) or questions.


