Subject: Re: wi and 802.1x authentication
To: "Sporleder, Matthew CCI-Atlanta" <Matthew.Sporleder@cox.com>
From: MLH <mlh@goathill.org>
List: netbsd-help
Date: 06/30/2003 13:08:24
> 
>> >> Does NetBSD support 802.1X authentication over wi?
>> >> http://www.ietf.org/rfc/rfc2284.txt
>> >> If so, how is it accomplished?
>> >
>> > I believe there is some ifconfig and wiconfig magic.
>> > It's pretty well documented in the man pages of those commands.
>> > We do not support LEAP. (the Cisco EAP) :(
>> >
>> > If I'm wrong, please correct me.
>> 
>> I don't know. I went back again and I still don't see any reference
>> to this EAP in any of the manual pages (-current) or on google,
>> etc. for NetBSD.  Only WEP. Or is the WEP nwkey the same thing?
>> 
>> What do I need to look for? Apparently it has some other name that
>> I am not recognizing?
> 
> You're looking at SSID's and WEP keys, if I remember correctly.

I don't believe so:

http://www.80211-planet.com/tutorials/article.php/1041171

802.1X Offers Authentication and Key Management

With 802.11's optional WEP (Wired Equivalent Privacy), all access
points and client radio NICs on a particular wireless LAN must use
the same encryption key.
...
The use of IEEE 802.1X offers an effective framework for authenticating
and controlling user traffic to a protected network, as well as
dynamically varying encryption keys. 802.1X ties a protocol called
EAP (Extensible Authentication Protocol) to both the wired and
wireless LAN media and supports multiple authentication methods,
such as token cards, Kerberos, one-time passwords, certificates,
and public key authentication. For details on EAP specifically,
refer to IETF's RFC 2284.

http://www.nwfusion.com/news/tech/2001/0924tech.html
...
802.1X takes advantage of an existing authentication protocol known
as the Extensible Authentication Protocol (EAP [RFC 2284]). 802.1X
takes EAP, which is written around PPP, and ties it to the physical
medium, be it Ethernet, Token Ring or wireless LAN. EAP messages
are encapsulated in 802.1X messages and referred to as EAPOL, or
EAP over LAN.

802.1X authentication for wireless LANs has three main components:
The supplicant (usually the client software); the authenticator
(usually the access point); and the authentication server (usually
a Remote Authentication Dial-In User Service server, although RADIUS
is not specifically required by 802.1X).

The client tries to connect to the access point. The access point
detects the client and enables the client's port. It forces the
port into an unauthorized state, so only 802.1X traffic is forwarded.
Traffic such as Dynamic Host Configuration Protocol, HTTP, FTP,
Simple Mail Transfer Protocol and Post Office Protocol 3 is blocked.
The client then sends an EAP-start message.

The access point will then reply with an EAP-request identity
message to obtain the client's identity. The client's EAP-response
packet containing the client's identity is forwarded to the
authentication server.

The authentication server is configured to authenticate clients
with a specific authentication algorithm. The result is an accept
or reject packet from the authentication server to the access point.

Upon receiving the accept packet, the access point will transition
the client's port to an authorized state, and traffic will be
forwarded.

802.1X for wireless LANs makes no mention of key distribution or
management.  This is left for vendor implementation.

At logoff, the client will send an EAP-logoff message. This will
force the access point to transition the client port to an unauthorized
state.
...
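To make the exchange in the quoted article concrete, here is an added Python model of the EAPOL/EAP frames and the port-state rules it describes (unauthorized port forwards only EAPOL, EAPOL-Start, EAP-Request/Identity, EAP-Response/Identity, accept/reject from the server, EAPOL-Logoff). This is illustration code written for this reply, not NetBSD code and not code from the cited articles. The frame layouts follow IEEE 802.1X-2001 and RFC 2284; the authentication server is a stand-in that accepts identities from a constructed allow-list, collapsing the method-specific EAP conversation a real RADIUS server would run after the identity exchange into a single accept/reject decision.

```python
import struct

ETHERTYPE_EAPOL = 0x888E                        # 802.1X frames on Ethernet/802.11
EAPOL_VERSION = 1
EAPOL_EAP_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2   # 802.1X Packet Type values
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4  # RFC 2284 codes
EAP_TYPE_IDENTITY = 1


def eapol_encode(ptype, body=b""):
    """EAPOL header: version(1) packet-type(1) body-length(2, big-endian) + body."""
    return struct.pack("!BBH", EAPOL_VERSION, ptype, len(body)) + body


def eapol_decode(frame):
    if len(frame) < 4:
        raise ValueError("EAPOL frame too short")
    _version, ptype, blen = struct.unpack("!BBH", frame[:4])
    if len(frame) - 4 < blen:
        raise ValueError("EAPOL body truncated")
    return ptype, frame[4:4 + blen]


def eap_encode(code, ident, eap_type=None, data=b""):
    """EAP packet: code(1) identifier(1) length(2) [type(1) type-data]; Success/Failure carry no type."""
    payload = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload


def eap_decode(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or length < 4:
        raise ValueError("EAP length mismatch")
    if code in (EAP_REQUEST, EAP_RESPONSE):
        return code, ident, pkt[4], pkt[5:]
    return code, ident, None, b""


class AuthServer:
    """Stand-in for the RADIUS server: accept/reject by identity (constructed allow-list)."""
    def __init__(self, allowed):
        self.allowed = set(allowed)

    def authenticate(self, identity):
        return identity in self.allowed


class Authenticator:
    """Access-point side. The port starts unauthorized: only EAPOL is processed,
    everything else (DHCP, HTTP, ...) is dropped until the server accepts the client."""
    def __init__(self, server):
        self.server = server
        self.authorized = False
        self.next_id = 0
        self.log = []

    def forward(self, ethertype, payload):
        if ethertype == ETHERTYPE_EAPOL:
            return self.handle_eapol(payload)
        if not self.authorized:
            self.log.append("dropped ethertype 0x%04x (port unauthorized)" % ethertype)
            return None
        return payload                               # forwarded onto the LAN

    def handle_eapol(self, frame):
        ptype, body = eapol_decode(frame)
        if ptype == EAPOL_START:                     # client asks to begin: Request/Identity
            self.next_id = (self.next_id + 1) & 0xFF
            req = eap_encode(EAP_REQUEST, self.next_id, EAP_TYPE_IDENTITY)
            return eapol_encode(EAPOL_EAP_PACKET, req)
        if ptype == EAPOL_LOGOFF:                    # client leaves: port back to unauthorized
            self.authorized = False
            self.log.append("port -> unauthorized (logoff)")
            return None
        if ptype == EAPOL_EAP_PACKET:
            code, ident, etype, data = eap_decode(body)
            if code == EAP_RESPONSE and etype == EAP_TYPE_IDENTITY and ident == self.next_id:
                identity = data.decode("utf-8", "replace")
                ok = self.server.authenticate(identity)   # "accept or reject packet"
                self.authorized = ok
                self.log.append("port -> %s for %r" % ("authorized" if ok else "unauthorized", identity))
                return eapol_encode(EAPOL_EAP_PACKET,
                                    eap_encode(EAP_SUCCESS if ok else EAP_FAILURE, ident))
        return None


def supplicant_session(ap, identity):
    """Client side of the exchange; returns True when the port was authorized."""
    reply = ap.forward(ETHERTYPE_EAPOL, eapol_encode(EAPOL_START))
    code, ident, etype, _ = eap_decode(eapol_decode(reply)[1])
    if code != EAP_REQUEST or etype != EAP_TYPE_IDENTITY:
        raise ValueError("expected EAP-Request/Identity")
    resp = eap_encode(EAP_RESPONSE, ident, EAP_TYPE_IDENTITY, identity.encode())
    reply = ap.forward(ETHERTYPE_EAPOL, eapol_encode(EAPOL_EAP_PACKET, resp))
    code, _, _, _ = eap_decode(eapol_decode(reply)[1])
    return code == EAP_SUCCESS


if __name__ == "__main__":
    ap = Authenticator(AuthServer(["alice@example.org"]))   # constructed allow-list
    print("IP before auth:", ap.forward(0x0800, b"DHCP discover"))   # None: dropped
    print("authorized:", supplicant_session(ap, "alice@example.org"))
    print("IP after auth:", ap.forward(0x0800, b"DHCP discover"))    # forwarded
    ap.forward(ETHERTYPE_EAPOL, eapol_encode(EAPOL_LOGOFF))
    print("IP after logoff:", ap.forward(0x0800, b"HTTP GET"))       # None again
    print("\n".join(ap.log))
```

Note that, as the article says, nothing in this exchange distributes or rotates WEP keys; that is why a static `nwkey` in ifconfig(8) is a separate matter from 802.1X, and why the two are easy to confuse.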