Does only work with Cisco LEAP. And well, I would be surprised if it would be possible to somehow cache the EAP/TLS stuff to reuse them later?!

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Matanya Elchanani
> Sent: Thursday, October 07, 2004 6:21 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Authentication for Cisco WDS?
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
> > Sent: Thursday, October 07, 2004 11:54 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Authentication for Cisco WDS?
> >
> > Joe Matuscak <[EMAIL PROTECTED]> wrote:
> > > I've got a couple of Cisco 1200 access points set up doing EAP/TLS with
> > > FreeRADIUS (0.9.3) on Fedora Core 2. That seems to be working fine, but I
> > > now want to allow the client devices to roam without having to
> > > re-authenticate.
> >
> > I don't think that will work. The APs won't let the user onto the
> > network until they authenticate. They also can't get dynamic WEP keys
> > unless they re-authenticate.
>
> Alan,
>
> This can work. Cisco provides a wireless infrastructure called Wireless
> Domain Services (WDS - see subject of the thread). One of the services in
> WDS is "Fast Secure Roaming", eliminating the need to re-auth to RADIUS.
> Here is a quote from the Cisco WDS doc:
>
> ===============================================================
> Using Cisco Centralized Key Management (CCKM), a device configured to
> provide Wireless Domain Services (WDS) takes the place of the RADIUS
> server and authenticates the client so quickly that there is no
> perceptible delay in voice or other time-sensitive applications ... The
> WDS device maintains a cache of credentials for CCKM-capable client
> devices on your wireless LAN. When a CCKM-capable client roams from one
> access point to another, the client sends a reassociation request to the
> new access point, and the new access point relays the request to the WDS
> device. The WDS device forwards the client's credentials to the new
> access point, and the new access point sends the reassociation response
> to the client. Only two packets pass between the client and the new
> access point, greatly shortening the reassociation time. The client also
> uses the reassociation response to generate the unicast key.
> ===============================================================
>
> Joe,
>
> To get this to work, you will need to have a 6500 with a WLSM module, and
> WLSE running on CiscoWorks. The whole thing is well documented in the
> Cisco doc:
> http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a0080208a6e.html
>
> --
> Matanya

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

