Although WPA2 enterprise authentication works perfectly on FreeBSD with free radius, some functionality (like the built in DHCP) is not implemented due to lack of PF_LINK, SOCK_RAW. FreeBSD uses bpf for this.
Don’t know if this is required for what you want, but be aware. I am interested in switch port authentication, but haven’t found the time to dig into the matter. And I refuse to use Linux…. Peter > On 20 Oct 2017, at 07:32, Peter Ankerstål <pe...@pean.org> wrote: > > > >> On 18 Oct 2017, at 21:39, Charles Sprickman <sp...@bway.net> wrote: >> >> >>> On Oct 18, 2017, at 1:10 PM, Peter Ankerstål <pe...@pean.org> wrote: >>> >>>> >>>> I’m under the impression that the authenticator function in a wired >>>> network is usually part of the switch, and the switch will talk to some >>>> authentication server like RADIUS, giving it the port number of the >>>> connected device and additional information. >>>> >>>> If FreeBSD had such a function, I think it would be limited to >>>> point-to-point Ethernet links, 802.1x being a link-layer protocol. >>>> >>> >>> Yes I know, but this is functional in hostapd for Linux and it would be >>> nice to have it in FreeBSD as well. >> >> I’m not seeing this in FreeBSD, but pfsense does claim to support 802.1x for >> wifi. >> >> I just happen to be reading about radius (last I used it was for dialup) for >> wifi auth and the quick overview on the radius side of things is that the AP >> software sends your auth info as well as MAC and a bunch of other stuff, and >> the radius server (much like dialup) sends back all sorts of info beyond >> auth success/fail - session timeout, info on what VLAN the client may be on, >> firewall policies, etc. Pretty cool stuff. > > 802.1X (or WPA2 Enterprise) works fine with hostapd for wireless in FreeBSD. > Well, the authentication at least. I havent tried assigning clients to > specific vlans and so on but according to the documentation it is possible. _______________________________________________ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
