On Thu, 2004-02-26 at 10:01, jeff pickering wrote: > - No, Im not sure about the AP sending EAPOL-key frames since I cant > look at that > and even if I could, 802.1x is silent on the content and use of those > frames. For my enlightenment, > I would be happy if you could direct me to a source for info on the subject.
If you have a wireless card capable of RF monitoring mode, you can watch the EAP conversation take place to make sure the EAPOL-Key frames are being sent. Ethereal works quite well for this if you have either a Cisco Aironet card or a Proxim Orinoco Class card with the monitor mode patches linked from the Airsnort site (http://airsnort.shmoo.com). > - I understand that radius server and supplicant agree on msk, but also > understood that AP > somehow needed this information and expected to get it outside the eap > exchange, eg > in MPPE-Send-key radius attribute in same packet that contained the > accept. If this is > not the case, why are these attributes sent? It is true that the derived MSK is sent to the AP in the MS-MPPE-[Send|Recv]-Key attributes. These are used to create the TSKs used for layer 2 encryption (otherwise known as WEP keys in our current state... in 802.11i, they will be AES keys). > - If many people have this working, perhaps the linksys wrv54g, which is > relatively new, has a bug. I'll > try to look in that direction. That would be my suggestion. I'm using the current PEAP implementation of FR with Proxim AP-2000s with great success. -- --Mike ----------------------------------- Michael Griego Wireless LAN Project Manager The University of Texas at Dallas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html