Hello, I work for a mid-size private school (about 700-800 people on campus), and I'm trying to set up a way to limit the use of our wireless to our students/staff. The main problem that I'm encountering is finding a solution that will fit our needs.

A little background first... When I first started (about a year ago, and I'm still the only IT person managing the whole school network) we had crappy wireless at different places on campus for students and staff to access our network. The person who set these up (my current boss) simply did a MAC access control list on each AP and made the students and staff come to him to register their computers. This was a major pain since each of our APs (7 of them) had to have the new MAC address manually added to each AP every time we had a new laptop. The problem with this solution (aside from having to enter the MACs 7 times) was that we eventually ran out of room in the MAC table. After some negotiating we got new wireless, but still not top of the line (I wanted CISCOs, we got Netgear WPN802s instead), and I found that we still run out of space in the table (it now holds 50, we now have about 100+ laptops being used by students).

I know that the solution is to implement a radius authentication with the APs that we have. The APs support radius servers using either WAP or legacy 802.1X (with WEP keys). I did tons of research on WAP (being the preferred method), but I could not get around the fact that certificates MUST be installed in the client computer in order for the protocol to work. This is simply impossible since most of our students (and staff for that matter) are unable to install certificates (or unwilling) and having to install certificates manually myself is just too time consuming.

So my first question is: what methods would you suggest for this kind of setup? My original idea was to implement the legacy 802.1x option.
I managed to set up the AP correctly and the radius server to authenticate based on MAC addresses, but I could not find a way to get the WEP key back to the client laptop. I'm not even sure it is possible, really, and I'm hesitant to try to have our students and staff enter a WEP key into their laptops themselves (since when they fail they will come for me to set it up, and if I wanted to change the WEP key, I would have to re-change it on every laptop). Is there any way for the radius server to send back the WEP key to the client?

I know it must seem horribly insecure (and it is), but I have to show my boss a solution that is better than simply leaving our network open. Can someone help or suggest a better way of resolving this?

--
View this message in context: http://www.nabble.com/a-freeradious-wireless-solution-for-a-school-tf3036221.html#a8437548
Sent from the FreeRadius - User mailing list archive at Nabble.com.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html