> Am 18.10.2017 um 18:35 schrieb Peter Ankerstål <pe...@pean.org>: > > > >> On 17 Oct 2017, at 22:27, Chris Ross <cross+free...@distal.com> wrote: >> >> >> wpa_supplicant is the client we use at work, on Linux systems. But, it’s >> also the tool described in the FreeBSD wireless configuration pages, so I >> know it can be used there. >> >> I haven’t tried FreeBSD with wired 802.1x myself, but just a thought I had. >> >> - Chris >> > Its my understanding that wpa_supplicant is actually a working client in > FreeBSD. But I’m looking for the server side of this. > > It would be just fine if it worked just like hostapd (control access of one > nic) and dont have any control over switchports or whatever. Another nice way > of doing it would be to have some sort of integration with authpf or pf > itself.
I’m under the impression that the authenticator function in a wired network is usually part of the switch, and the switch will talk to some authentication server like RADIUS, giving it the port number of the connected device and additional information. If FreeBSD had such a function, I think it would be limited to point-to-point Ethernet links, 802.1x being a link-layer protocol. Stefan -- Stefan Bethke <s...@lassitu.de> Fon +49 151 14070811
signature.asc
Description: Message signed with OpenPGP
