From owner-freebsd-stable@freebsd.org Wed Oct 18 19:39:21 2017 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 955CEE42558 for ; Wed, 18 Oct 2017 19:39:21 +0000 (UTC) (envelope-from spork@bway.net) Received: from smtp1.bway.net (smtp1.v6.bway.net [IPv6:2607:d300:1::27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 706B4673FA for ; Wed, 18 Oct 2017 19:39:21 +0000 (UTC) (envelope-from spork@bway.net) Received: from gaseousweiner.sporklab.com (pool-96-225-84-130.nwrknj.fios.verizon.net [96.225.84.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: spork@bway.net) by smtp1.bway.net (Postfix) with ESMTPSA id 6389995871; Wed, 18 Oct 2017 15:39:10 -0400 (EDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: 802.1X authenticator for FreeBSD From: Charles Sprickman In-Reply-To: <2B2D49E0-F804-4557-9DB5-A915A8578070@pean.org> Date: Wed, 18 Oct 2017 15:39:07 -0400 Cc: Stefan Bethke , FreeBSD Stable , Chris Ross Content-Transfer-Encoding: quoted-printable Message-Id: <3F040A9B-B03F-4FD5-B1DC-70BD8AFCC829@bway.net> References: <2D461E1D-895F-4D31-9834-A40DEF02F121@pean.org> <4F45AC20-57F9-4246-836E-4F1C1D01FAC2@lassitu.de> <2B2D49E0-F804-4557-9DB5-A915A8578070@pean.org> To: =?utf-8?Q?Peter_Ankerst=C3=A5l?= X-Mailer: Apple Mail (2.3273) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Oct 2017 19:39:21 -0000 > On Oct 18, 2017, at 1:10 PM, Peter Ankerst=C3=A5l = wrote: >=20 >>=20 >> I=E2=80=99m under the impression that the authenticator function in a = wired network is usually part of the switch, and the switch will talk to = some authentication server like RADIUS, giving it the port number of the = connected device and additional information. >>=20 >> If FreeBSD had such a function, I think it would be limited to = point-to-point Ethernet links, 802.1x being a link-layer protocol. >>=20 >=20 > Yes I know, but this is functional in hostapd for Linux and it would = be nice to have it in FreeBSD as well.=20 I=E2=80=99m not seeing this in FreeBSD, but pfsense does claim to = support 802.1x for wifi. I just happen to be reading about radius (last I used it was for dialup) = for wifi auth and the quick overview on the radius side of things is = that the AP software sends your auth info as well as MAC and a bunch of = other stuff, and the radius server (much like dialup) sends back all = sorts of info beyond auth success/fail - session timeout, info on what = VLAN the client may be on, firewall policies, etc. Pretty cool stuff. Charles >=20 > Thanks anyway! > _______________________________________________ > freebsd-stable@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to = "freebsd-stable-unsubscribe@freebsd.org"