Hi, > The idea is, that the router does the authentication via radius server, which > stores predefined "WPA keys". When user uses one of them to access the > network, the "WPA key" is activated. After specified period of time, radius > server automatically deactivates the WPA key and disconnects user.
err, if the WPA key only becomes active AFTER they've reached the RADIUS server - then HOW are they to connect to the wireless in the first place - as the WPA key is required for the layer 2 link to come alive(!) AAA would be able to give you this 'very low level' type of authentication. what you COULD do with AAA is to use SSL certs....eg EAP-PEAP/EAP-TLS with WPA-enterprise. and then once the cert has been used, expire it. alternatively use WPA as you are currently doing but enforce another control method to get online - such as a SOCKS5 proxy. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
