IEEE 802.11x mit Radius (WPA(2), TLS, Radius)

Access Point

/etc/config/wireless

# Examples for encryption:
# psk-mixed/tkip        => WPA1+2 PSK, TKIP
# wpa-psk2/tkip+aes     => WPA2 PSK, CCMP+TKIP
# wpa2/tkip+aes         => WPA2 RADIUS, CCMP+TKIP
config 'wifi-iface' 'private'
    option 'device' 'wifi0'
    option 'network' 'ap2'
    option 'mode' 'ap'
    option 'isolate' '1'
    option 'ssid' 'My SSID'
    option 'hidden' '0'
    option 'encryption' 'wpa2/tkip+aes'
    option 'key' 'Radius Shared Key'
    option 'server' 'Radius IP'
    option 'nasid' 'other'
    option 'port' '1812'

WPA-PEAP

Radius Server

radius:

select * from radcheck where username="MyUSERNAME"\G
 username: MyUSERNAME
 attribute: User-Password
        op: ==
     value: MyPASSWORD

Client (Notebook)

wpa_supplicant.conf

network={
  ssid="My SSID'"
  scan_ssid=1
  key_mgmt="WAP_EAP"
  eap="PEAP"
  identity="MyUSERNAME"
  password="MyPASSWORD"
  phase2="auth=PAP"
}

WPA-T(T)LS

Radius Server

radius:

select * from radcheck where username="MyUSERNAME"\G
 Empty set

Client (Notebook)

wpa_supplicant.conf

network={
  ssid="My SSID'"
  scan_ssid=1
  key_mgmt="WAP-EAP"
  eap="TLS"
  identity="MyUSERNAME"
  client_cert="PATH_TO_client.pem"
  private_key="PATH_TO_client.key"
  private_key_password="PRIVATE_KEY_PASSWORD"
}