It appears my original email below got bounced.
On 10/12/17, 12:38 PM, "Grewal, Ajay (GE Power)" <Ajay.Grewal@xxxxxx> wrote:
Hi,
I have setup an AP (hostapd w/ ath9k) to use RADIUS to authenticate a 4addr mode client (wpa_supplicant w/ath9k) using WPA2/EAP-TLS. The authentication is successful and the AP/VLAN interface is created for the client and added to the bridge, however no traffic passes between the AP and Client (between respective bridge interfaces). The same setup with WPA2/PSK works fine. It appears that in WPA2/PSK the client is correctly shown connected to AP/VLAN interface, where-as in WPA2/EAP-TLS case, the client is shown connected to base wlan0 interface (instead of wlan0.sta1):
WPA2/PSK:
# iw dev wlan0.sta1 station dump
Station 00:06:3d:0a:a8:0a (on wlan0.sta1)
inactive time: 14450 ms
rx bytes: 1106
rx packets: 11
tx bytes: 1387
tx packets: 12
tx retries: 10
tx failed: 0
signal: -85 [-85, -96] dBm
signal avg: -82 [-83, -96] dBm
tx bitrate: 6.5 MBit/s MCS 0
rx bitrate: 6.5 MBit/s MCS 0
expected throughput: 0.301Mbps
authorized: yes
authenticated: yes
preamble: short
WMM/WME: yes
MFP: no
TDLS peer: no
connected time: 30 seconds
# iw dev wlan0 station dump
#
WPA2/EAP-TLS:
# iw dev wlan0.sta1 station dump
#
# iw dev wlan0 station dump
Station 00:06:3d:0a:a8:0a (on wlan0)
inactive time: 14000 ms
rx bytes: 9455
rx packets: 79
tx bytes: 2714
tx packets: 14
tx retries: 4
tx failed: 0
signal: -84 [-85, -94] dBm
signal avg: -85 [-85, -94] dBm
tx bitrate: 1.0 MBit/s
rx bitrate: 1.0 MBit/s
expected throughput: 0.63Mbps
authorized: yes
authenticated: yes
preamble: short
WMM/WME: yes
MFP: no
TDLS peer: no
connected time: 708 seconds
In both cases, the AP/VLAN interface is added to bridge correctly.
# brctl show
bridge name bridge id STP enabled interfaces
br1 8000.00063d070bb4 no eth1
wlan0
wlan0.sta1
hostapd/wpa_supplicant version: 2.7-devel (master@872d0f93cc14842e160e04fec7875a49c571aad8)
The configuration files (h-*.conf for hostapd and w-*.conf for wpa_supplicant) and hostapd debug log files (h-wpa2-e-ccmp-r.log for WPA2/EAP-TLS and h-wpa2-p-ccmp-r.log for WPA2/PSK) are attached. I’d appreciate any guidance/insights to help resolve the issue and/or any pointers to relevant code section to debug.
Thanks
Ajay
Attachment:
WPA2-EAPTLS-4addr-issue-20171012.zip
Description: WPA2-EAPTLS-4addr-issue-20171012.zip
_______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
