On 11/26/2011 11:49 PM, Mr Dash Four wrote:
so it is, you can only protect your AP client with the shared secret key.
Not necessarily. If the switch to which the WAP is connected supports 802.1x, it could act as a NAS and authenticate the WAP with EAP/TLS.
By WAP I take it you mean the wireless client, right? If so, this is
No. WAP == Wireless Access Point.
indeed the case - the client will be a Linux-based device with wpa_supplicant and a driver which supports nl80211/cfg80211, so I can configure - at least on the client's part - EAP-TTLS/EAP-TLS authentication. My aim is to do the same on AP and RADIUS, which is the point of actually starting this thread as my "experience" with RADIUS is nil.
So you keep saying. I note however that it doesn't stop you from making judgements on its security, and you're getting a lot of stick for that (from me and others). Seriously - it's good you want to learn. But why not do that first, then ask questions based on the knowledge you've acquired and, hopefully, understood? If you're missing basic terms like "WAP" i.e. a Wireless Access Point, then I've got to say, you've got some work to do on the fundamentals... In brief, Ian was suggesting it's possible for the wireless AP to act as an 802.1x client to the upstream ethernet switch (if that's the topology). This is correct, but not IMO relevant to your concerns (however misguided) or questions.