Re: MKA and group addresses (peers discovery)


 



Hi,

As you noticed, peer discovery takes place using EAP-MKA frames, addressed as 802.1X PAE. On a 'true' broadcast LAN this would suffice; with our switched LANs the peers become the switch ports. To influence this behaviour, either the addressing needs to be changed (so the switch port won't pick up the frames) or the switch needs to be made transparent for these frames.

I don't have experience with the context you're working in; what I do know is that the Linux bridge has a sysctl for this. See this commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=515853ccecc6987dfb8ed809dd8bf8900286f29e

Regards,
Jaap

> On 26 Sep 2021, at 15:29, Ovidio Ruzzier <ovidioruzzier@xxxxxxxxx> wrote:
> 
> Hi all,
> 
> I apologize if this question is more an open one than a close and
> related to wpa_supplicant.
> I'm trying to encrypt and authenticate traffic among three hosts. I
> use EVE-NG for that.
> I used first a normal switch provided by EVE-NG, then I used a Nexus 9000v.
> When I manually configure MACsec everything works fine.
> When I use MKA things stop working.
> I realized that MKA uses EAPoL-MKA, does the IEEE standard say that? I
> don't have access to the standard but this breaks the possibility to
> have MKA across switches.
> The statement MACsec (actually MKA) is a hop-by-hop protocol is true
> because MKA is hop-by-hop because to discover neighbours it uses MAC
> group addresses
> Per-se it is not.
> Is there a way to change the way peers are discovered?
> 
> Thanks.
> 
> Ovidio
> 


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
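
The Linux bridge setting referred to in the reply, worked through as an added example (not part of the original messages and not code from hostap or the kernel). It assumes the knob is the per-bridge `group_fwd_mask` attribute in sysfs, that bit N of the mask stands for group address 01:80:C2:00:00:0N, and that the kernel rejects bits 0 to 2; the bridge name passed to `propose_for_bridge` is hypothetical.

```shell
#!/bin/sh
# Added example: work out the group_fwd_mask value that makes a Linux bridge
# forward frames sent to the 802.1X PAE group address (used by EAPOL-MKA)
# instead of consuming them at the bridge port.

PAE_GROUP_ADDR="01:80:C2:00:00:03"   # 802.1X PAE group address
RESTRICTED_MASK=7                    # bits 0-2: STP, MAC pause, LACP (assumed)

# Print the mask bit index for a 01:80:C2:00:00:0X address, or fail.
group_fwd_bit() {
    addr=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case "$addr" in
        01:80:c2:00:00:0[0-9a-f]) ;;
        *) echo "not a 01:80:c2:00:00:0X address: $1" >&2; return 1 ;;
    esac
    printf '%d\n' "0x${addr##*:}"
}

# Print (in hex) the current mask with forwarding for one address added.
new_group_fwd_mask() {
    current=$(printf '%d' "$1") || return 1
    bit=$(group_fwd_bit "$2") || return 1
    add=$((1 << bit))
    if [ $((add & RESTRICTED_MASK)) -ne 0 ]; then
        echo "bit $bit is restricted; the kernel would reject it" >&2
        return 1
    fi
    printf '0x%x\n' $((current | add))
}

# Show the current and proposed value for one bridge without changing it.
# Applying it needs root:  echo "$new" > "$path"
propose_for_bridge() {
    path="/sys/class/net/$1/bridge/group_fwd_mask"
    [ -r "$path" ] || { echo "$1 is not a bridge on this host" >&2; return 1; }
    cur=$(cat "$path")
    new=$(new_group_fwd_mask "$cur" "$PAE_GROUP_ADDR") || return 1
    echo "$1: group_fwd_mask $cur -> $new"
}

# Starting from the default mask of 0, forwarding PAE frames needs 0x8.
new_group_fwd_mask 0 "$PAE_GROUP_ADDR"
```

With the PAE bit set, the bridge passes EAPOL frames from every attached port to every other, so any 802.1X port authentication that relied on the bridge terminating those frames no longer sees them only locally.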



