> But then what is the better way to improve the security using radius? > radius and something else but not ipsec or eap...something else?
something similar was asked on BAWUG a while ago: http://lists.bawug.org/pipermail/wireless/2002-January/004613.html why not IPSec? Another thing: the Message-Authenticator attribute is required for 802.1x but I think its independent of that, and can be used to sign packets that dont include eap. > PAP and CHAP are the same... not exactly. Depending on your setup one may be better than the other. http://www.freeradius.org/faq/#4.4 There are many implementations of PAP+SSL (the WLAN NAS has a web browser) which are reasonably secure. Then there are some that dont use SSL and you should then use chap (PAP would send your password in the clear to the NAS). Puneet _______________________________________________ No banners. No pop-ups. No kidding. Introducing My Way - http://www.myway.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
