This is a progress report about Cisco Aironet support in Radiator. We have spent some time recently working with the Cisco Aironet 340 and family wireless routers with a view to adding compatibility to Radiator. Here is the state of play: Cisco Aironet routers support Extensible Authentication Protocol (EAP) authentication through Radius. EAP is a public protocol that defines a number of public authentication protocols (encapsulated inside EAP messages) and also allows for vendor-defined extensions to be added. EAP protocol can be carried inside Radius packets through the EAP-Message and Message-Authenticator attributes. Cisco have defined a proprietary extension to EAP called LEAP. (lightweight extensible ...). LEAP has not been publically documented, and Cisco say it is a proprietary protocol which is not to be publically released. LEAP Radius authentication is only supported by Cisco Secure at this time. At this time, Aironet authentication clients (ie the computer trying to connect to the wireless router) are availbale for Windows, Linux, Mac. However, they only support LEAP. Nobody is currently offering standard EAP clients for Aironet on any platform. This means that right now, the only way you can use Radius to authenticate user access to Aironet routers is through LEAP and Cisco Secure. The latest release of Radiator (2.18.2) will correctly proxy EAP and LEAP Radius packets to and from Cisco Secure, even if the shared secrets are different, and even if Radius attributes are stripped or added on the way through (the EAP Message-Authenticator depends on the Radius shared secret and the _entire_ contents of the Radius packet). However, right now, it is not possible for Radiator to directly authenticate LEAP Radius requests. If you want this to change, you may want to contact your Cisco Rep. Its an interesting question how anyone can be sure that LEAP is secure if Cisco dont expose the protocol to public scrutiny? Views, feedback direct to me, please? -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
