Chris, the whole purpose of 802.1x is to generate a secure auth mechanism and dynamic re-keying. I have used hostapd together with freeradius and the key generation as well as the re-keying are automatic. You can set the re-keying interval as well. I am not familiar with your setup, but a way to find out, would be to sniff the traffic and look for EAPOL-Key frames which are exchanged at the end of the auth process.
Hope this can help. Andrea On Wed, 19 May 2004, Chris Bshaw wrote: > Hi.... > > I have created the following setup: > > W2K 802.1x supplicant client with NetGear WG511 card > Cisco Aironet 1200 AP > RH9 Linux server with a cvs download of freeradius > > As per the many docs on the subject, I have successfully setup > EAP-TLS.....however, I can't tell if WEP keys are being generated. > > When I look on the web admin page of the Aironet 1200 the associations list > says that my W2K client is EAP-associated (so that works OK) but Encryption > is marked as 'none'. > > ....and I have looked in the radiusd logs but can't work out whether WEP > keys are being generated. I know that the session key is used to generate > the keys, so perhaps something in the logs (without the word WEP in it) is > responsible for WEP key generation. > > I thought that if you used EAP-TLS then you automatically got WEP keys > generated....? Is this true? > If so how can I confirm that this is happening (other than trying to sniff > the traffic off the air to see if it is encrypted ;-)... > > If this isn't true, does this mean that it is possible to use EAP-TLS > without WEP key generation? > > If so, are there extra steps I need to follow to activate WEP key generation > as part of EAP-TLS? > > Sorry if some of these questions seem a bit strange....I am a bit new to > 802.1x and EAP.... > > Thanx in advance for any help. > > Chris Bradshaw > > _________________________________________________________________ > Help STOP SPAM with the new MSN 8 and get 2 months FREE* > http://join.msn.com/?page=features/junkmail > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
