Nolan King wrote: > This is the manufacturer of the "broken AP" > http://skypilot.trilliantinc.com/ > > Skypilot was an indie manufacturer, recently purchased by trilliant. not sure > who makes their hardware now- the tdm, one radio-many antennas approach has > worked well for my muni mesh. they used to have a forum where i whined about > the lack of EAP-TLS support to no avail, i think the forum is dead since the > trilliant purchase. > > wireless security, 802.1x mentioned in these docs: > http://skypilot.trilliantinc.com/pdf/wp_WirelessSecurity.pdf > http://skypilot.trilliantinc.com/pdf/ds_SkyExtenderPlus.pdf > > only mention i could find specifically excluding EAP-TLS method is here, on > page 25: > http://skypilot.trilliantinc.com/support/documents/SkyAccess_DualBand_Installation_Guide.pdf >
It takes a special kind of dedication to make PEAP work, but to break EAP-TLS. i.e. you have to write *extra* code in the AP to look for EAP-TLS. Then, you have to do something different from PEAP. If the AP manufacturer instead supported EAP (*any* kind), then PEAP would work. TTLS would work. TLS would work. EAP-FAST would work. I've seen RADIUS servers that do this kind of thing (Merit). It's good for everyone that no one uses those products any more. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
