Picchioni DD-WRT User
Joined: 20 Sep 2006 Posts: 120
Posted: Mon Feb 12, 2018 2:36 Post subject: Client Bridge Using 802.1x on Broadcom SoCs
Hi All,
I currently have an R7000 (used as an AP only) that utilizes 802.1x (specifically EAP-TLS) for authentication and has been working like a charm for about a year. Some recent changes to my home network are requiring me to use a client bridge between 2 locations in my house vs a hard wired connection.
I've been attempting to get the 2nd R7000 to connect as a client bridge using 802.1x but so far have been unsuccessful. I can change the wireless network to WPA2-PSK and the 2nd R7000 connects without an issue, so the issues appear to be limited to 802.1x. There are no auth attempts against the freeradius server, so it looks like the connection attempt is failing even before it attempts to authenticate. I've been looking at syslog messages to see if they can provide me any hints, but nothing useful.
I haven't found any forum posts that aren't incredibly dated surrounding this setup, which isn't too surprising as it really isn't a common use case. But Sash mentioned in a thread from 2011 that Broadcom chipsets can't connect as clients to Enterprise networks/use 802.1x, and I'm wondering if that's still the case or have there been some advancements with that?
Has anyone attempted to set up something similar? Or is it possible to obtain some more verbose logging for the connection attempt that might provide some clues as to what's wrong? I'm using 34800M (2018/02/07) from Kong on both R7000s.
Thanks in advance!
jwh7 DD-WRT Guru
Joined: 25 Oct 2013 Posts: 2670 Location: Indy
Posted: Sat Feb 24, 2018 12:55 Post subject: Re: Client Bridge Using 802.1x on Broadcom SoCs
Picchioni wrote: "But Sash mentioned in a thread from 2011 that Broadcom chipsets can't connect as clients to Enterprise networks/use 802.1x, and I'm wondering if that's still the case or have there been some advancements with that?"
I'd guess that is still the case, esp given your observation. The Broadcom driver is a proprietary blob, and they don't have incentive to add enterprise features to it.
Only idea I could suggest, if practical for you, is to dedicate a radio to the client bridge using WPA2-AES, then use the other radio on each R7000 for your 802.1x EAP-TLS. Even better would be to WDS them, but another obscure folk legend that nobody seems to confirm is that Broadcom ARM doesn't work w/ WDS...and/or just that Broadcom MIPS<->ARM doesn't work.