hi
We are probably getting a Cisco Aironet 350 AP.
it works with this one.
an AP never supports or doesn't support a particular EAP type (like EAP/TLS, etc.), that's wrong. E.g. the AP350 supports 802.1X based authentication with a backend RADIUS server, that's true. so it supports all EAP types, it has nothing to do with TLS in particular :-)From what i have gathered from the list about Aironet, the 350 suports EAP-TLSbut i'm not sure how the WEP keing works.
and yes, it does support the dynamic WEP-key generation.
I have seen somewhere that Cisco uses their own VSA, is that right ? or do they also support MS-MPPE-Key-* ?
they use MS-MPPE-Key-*
what clients? you mean users, i.e. supplicants? the supplicants will usually be represented by an OS, the latter has to be capable of this dynamic WEP key generation procedure, which consists of deriving the keys from the TLS master secret and decrypting/checking/installing the received key or generating/installing/signing/sending the generated key.I'm looking to support non-cisco clients.
windows XP is capable of doing so in the cisco compliant way.
the support for this in radius has been added by Lars and Henrik, if you have more specific questions on this, you can ask those guys, they are cool :) you can read the archives, too.
i think somebody was working on adding the support for this to Linux. i don't remember who it was. actually, this person could post the patches somewhere, would be nice...
ciao
artur
--
Artur Hecker Groupe Acc�s et Mobilit�
hecker[at]enst[dot]fr D�partement Informatique et R�seaux
+33 1 45 81 7507 46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr ENST Paris
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
