"Jerry Roy" <[EMAIL PROTECTED]> wrote: > I want to know if Mac filtering will be too much of a headache vs. > having the AP proxy the authentication/association to a radius server?
MAC authentication can be spoofed. EAP can't be. > If I use Radius, can I make it so only the employee needs to > authenticate? No, but I'm not sure you want to allow un-authenticated users onto your network. > If I use 802.1x, I am thinking the Radius server back at the corporate > location will be on their DMZ. Is the shared Secret in clear text > between the AP/Router to the Radius server? The shared secret is never sent in any packet. > Is PEAP, the most logical choice here? Why wouldn't I use it? If PEAP works, you can use it. If you're running Linux clients, I'd recommend EAP-TTLS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
