802.1x Problems


From: Lei chuanhua (ch_lei_at_powermatic.com.sg)
Date: 2002-10-09 11:17:43 UTC



Hi, jouni,

      These days, I read some documents about 802.1x, but  I still can't understand some problems about 802.1x with WEP
       My understanding  as the following,
       1. Broadcast packets use the old method, just like general WEP.
        2. Unicast packets. 802.1x supplicant will be authenticated to radius server via AP. if success, supplicant will get one WEP key. At the same time, Radius server will send one same WEP key copy to AP. So if there are many 802.1x supplicants, AP will keep every supplicant WEP key for encryption and decryption. HostAP will do it easily because it use host encryption and can receive and transmit mulitple keys. 
      Now my question is, if we use firmware-based AP, and we can't use host encryption(most verdors except intersil). How does it process mulitple keys? In general, firmware -based AP can only proccess one key(determined by key index). But in the market, I have seen so many vendors support 802.1x,  and most of them use firmware -based AP. I guess that Fimware-based AP will do it like hostAP with 802.1x support. But I am not sure.
     Is corrent my understanding of  802.1x implementation? If not, is is possible to implement 802.1x above driver without firmware support for multiple session keys? I know Orinoco AP 2000 supported 802.1x, but I don't know how it process the 802.1x protocol. I even don't know in principle, because it is based on firmware-based AP.
      Any information or help  will be greatly appreciatedly.
         Thanks very much,
                    hualab
     


This archive was generated by hypermail 2.1.4.