> On 18 Oct 2017, at 21:39, Charles Sprickman <sp...@bway.net> wrote:
>
>
>> On Oct 18, 2017, at 1:10 PM, Peter Ankerstål <pe...@pean.org> wrote:
>>
>>>
>>> I’m under the impression that the authenticator function in a wired network
>>> is usually part of the switch, and the switch will talk to some
>>> authentication server like RADIUS, giving it the port number of the
>>> connected device and additional information.
>>>
>>> If FreeBSD had such a function, I think it would be limited to
>>> point-to-point Ethernet links, 802.1x being a link-layer protocol.
>>>
>>
>> Yes I know, but this is functional in hostapd for Linux and it would be nice
>> to have it in FreeBSD as well.
>
> I’m not seeing this in FreeBSD, but pfsense does claim to support 802.1x for
> wifi.
>
> I just happen to be reading about radius (last I used it was for dialup) for
> wifi auth and the quick overview on the radius side of things is that the AP
> software sends your auth info as well as MAC and a bunch of other stuff, and
> the radius server (much like dialup) sends back all sorts of info beyond auth
> success/fail - session timeout, info on what VLAN the client may be on,
> firewall policies, etc. Pretty cool stuff.
802.1X (or WPA2 Enterprise) works fine with hostapd for wireless in FreeBSD. Well, the authentication at least. I haven't tried assigning clients to specific VLANs and so on, but according to the documentation it is possible.
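The RADIUS exchange described in the thread above, as an added example that is not part of either message and not hostapd code: a small parser that decodes the attributes an authenticator sends (user name, port, client MAC) and the ones the server returns (session timeout, VLAN assignment via the tunnel attributes). The packets are constructed samples with a zeroed authenticator, and EAP-Message and Message-Authenticator are left out for brevity; the helper names are hypothetical.

```python
import struct

# Attribute numbers from RFC 2865 and RFC 2868; VLAN usage per RFC 3580.
ATTRS = {1: "User-Name", 5: "NAS-Port", 27: "Session-Timeout",
         31: "Calling-Station-Id", 64: "Tunnel-Type",
         65: "Tunnel-Medium-Type", 81: "Tunnel-Private-Group-ID"}
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}

def attr(num, value):
    """Encode one type-length-value attribute (for the constructed samples)."""
    return bytes([num, len(value) + 2]) + value

def packet(code, attrs, ident=1):
    """Build a packet with a zeroed authenticator (sample data, not wire-valid)."""
    body = b"".join(attrs)
    return struct.pack("!BBH16s", code, ident, 20 + len(body), bytes(16)) + body

def parse(data):
    """Return (packet name, {attribute: value}); reject inconsistent lengths."""
    if len(data) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("packet length field does not match data")
    out, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        num, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length out of bounds")
        val, name = data[pos + 2:pos + alen], ATTRS.get(num, f"attr-{num}")
        if num in (5, 27, 64, 65) and len(val) != 4:
            raise ValueError(f"{name} must carry 4 bytes")
        if num in (5, 27):            # plain 32-bit integers
            out[name] = int.from_bytes(val, "big")
        elif num in (64, 65):         # one tag byte, then a 24-bit value
            out[name] = int.from_bytes(val[1:], "big")
        elif num == 81:               # optional leading tag byte (<= 0x1F)
            out[name] = (val[1:] if val and val[0] <= 0x1F else val).decode()
        else:
            out[name] = val.decode(errors="replace")
        pos += alen
    return CODES.get(code, str(code)), out

# Constructed samples: what the AP sends, and what the server answers.
REQUEST = packet(1, [attr(1, b"alice"), attr(5, struct.pack("!I", 3)),
                     attr(31, b"02-00-00-00-00-01")])
ACCEPT = packet(2, [attr(27, struct.pack("!I", 3600)),
                    attr(64, b"\x00\x00\x00\x0d"),   # Tunnel-Type 13 = VLAN
                    attr(65, b"\x00\x00\x00\x06"),   # Medium 6 = IEEE-802
                    attr(81, b"20")])                # VLAN ID as a string
```

parse(ACCEPT) shows the three tunnel attributes that together place the client on VLAN 20, next to the session timeout.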