Alan, it was not documented...obviously. Further, we use WEP+
encryption to extend the security of our wireless network (+ is Avaya's
stronger hashing). I am well aware of the problems with WEP. If
someone wants access badly enough to....
1. Find a MAC that's in our database
2. Spoof their MAC address
3. Crack a 128 bit WEP+ key (have you tried? Its not easy)
4. Risk being caught through accounting reports/logs
....they can find plenty of open ethernet ports in one of our buildings
without going through all that trouble. Our more important networks are
protected by vpn gateways.
As for this comment:
>Huh? Why? Managing passwords isn't difficult. So for one AP, you add
>(by hand) the password which just happens to be the MAC address. For
>another AP, you add a different password. That is by far and away too
>complicated.
We have more than 12,000 users and 100's of access points. Do you think
we could add all the MAC's into each AP? That's the worst management
nightmare I can imagine. Modifying one SQL query in the sql.conf file
is hardly complicated. The only problem is I don't know how to make
radius differentiate between AP requests. I know there people on this
list who can answer that in their sleep. I would really appreciate some
help from one of you radius gurus (not Alan).
--
Mike Hall
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
