On 24/06/2020 02:35, Duane Murphy wrote: > How do I configure hostapd to _require_ that wired interface access is authenticated? > > I am using a wired interface configuration with the built-in hostapd authentication server. > > I can authenticate with a properly configured Windows client. > > If I set the client to not use authentication, I can still connect. There are no messages in the hostapd log that anything was even connected. > > What configuration am I missing that will require connections to be authenticated otherwise they will not be allowed to connect? > > Oddly, the client can ping and connect to server, but the server cannot ping the client. > > * Ubuntu 18.04 > * netplan; renderer: NetworkManager > * Static address configuration > > The client is configured with a static address for the same network. I have no experience with this whatsoever, but as it's been a few hours since you asked the question I'll give you the benefit of my stab in the dark :-) I would say that the machine running hostapd with the wired driver has to act as router. That is: you can't use 802.1X to prevent a client from accessing a LAN it is already physically connected to; the purpose of the wired authenticator is for it to act as a gatekeeper that allows/disallows access to a network that is reachable on the other side of the router/authenticator. So you'd need separate Ethernet networks or VLANs: one to which the clients are connected, the other providing connectivity to the resources you want the clients to authenticate in order to be able to access them. The router (running hostapd) straddles these networks or VLANs. _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap