WPA is designed to have the following authentication methods:
This section is about the Enterprise-level authentication.
The Enterprise-level authentication methods that have been selected for use within the Wi-Fi certification body are:
The io-pkt manager supports all the above, except for EAP-SIM. Certificates are placed in /etc/cert/user.pem, and CA certificates in /etc/cert/root.pem. The following example is the network definition for wpa_supplicant for each of the above Enterprise-level authentication methods:
ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=0 update_config=1 # 3.1.2 linksys -- WEP network={ ssid="linksys" key_mgmt=NONE wep_key0="LINKSYSWEPKEY" } # 3.1.3 linksys -- WPA network={ ssid="linksys" key_mgmt=WPA-PSK psk="LINKSYSWPAKEY" } # 3.1.4 linksys -- WPA2 network={ ssid="linksys" proto=RSN key_mgmt=WPA-PSK psk="LINKSYS_RSN_KEY" } # 3.1.5.1 linksys -- EAP-TLS network={ ssid="linksys" key_mgmt=WPA-EAP eap=TLS identity="client1" ca_cert="/etc/cert/root.pem" client_cert="/etc/cert/client1.pem" private_key="/etc/cert/client1.pem" private_key_passwd="wzhang" } # 3.1.5.2 linksys -- PEAPv1/EAP-GTC network={ ssid="linksys" key_mgmt=WPA-EAP eap=PEAP identity="client1" password="wzhang" ca_cert="/etc/cert/root.pem" phase1="peaplabel=0" phase2="autheap=GTC" } # 3.1.5.3 linksys -- EAP-TTLS/MSCHAPv2 network={ ssid="linksys" key_mgmt=WPA-EAP eap=TTLS identity="client1" password="wzhang" ca_cert="/etc/cert/root.pem" phase2="autheap=MSCHAPV2" } # 3.1.5.4 linksys -- PEAPv1/EAP-MSCHAPV2 network={ ssid="linksys" key_mgmt=WPA-EAP eap=PEAP identity="client1" password="wzhang" ca_cert="/etc/cert/root.pem" phase1="peaplabel=0" phase2="auth=MSCHAPV2" }
Run wpa_supplicant as follows:
wpa_supplicant -i if_name -c full_path_to_your_config_file
to pick up the configuration file and get the supplicant to perform the required authentication to get access to the Wi-Fi network.