Re: FreeRADIUS - 802.1x WPA-TKIP, WPA2-AES settings
> add to it: forward the DHCPDISCOVER to the DS if no internal table entry for this MAC is found. yapp, that would be even very easy to integrate. but i don't think that _any_ AP does that.

Well, an AP that does 802.1x + chillispot is all you need :) You get the accounting, bandwidth shaping and traffic limits for free

> just for the case: no, it is NOT possible to assign IP addresses by 802.1X; you have to do DHCP after the authentication (yes, it is strange).
>
> A clever AP could support this:
> 1. Serving DHCP to the wireless network only
> 2. Getting the Framed-IP-Address from the radius Access-Accept, and putting it in an internal table (MAC - IP)
> 3. Serving that exact IP via DHCP when the subscriber asks for a lease.
>
> I don't know of an AP that does that, though.

--
damjan | дамјан
This is my jabber ID -- [EMAIL PROTECTED] -- not my mail address!!!

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS - 802.1x WPA-TKIP, WPA2-AES settings
> just for the case: no, it is NOT possible to assign IP addresses by 802.1X; you have to do DHCP after the authentication (yes, it is strange).

A clever AP could support this:
1. Serving DHCP to the wireless network only
2. Getting the Framed-IP-Address from the radius Access-Accept, and putting it in an internal table (MAC - IP)
3. Serving that exact IP via DHCP when the subscriber asks for a lease.

I don't know of an AP that does that, though.

--
damjan | This is my jabber ID -- [EMAIL PROTECTED] -- not my mail address!!!
Re: FreeRADIUS - 802.1x WPA-TKIP, WPA2-AES settings
add to it: forward the DHCPDISCOVER to the DS if no internal table entry for this MAC is found.

yapp, that would be even very easy to integrate. but i don't think that _any_ AP does that.

ciao
artur

Damjan wrote:
> > just for the case: no, it is NOT possible to assign IP addresses by 802.1X; you have to do DHCP after the authentication (yes, it is strange).
>
> A clever AP could support this:
> 1. Serving DHCP to the wireless network only
> 2. Getting the Framed-IP-Address from the radius Access-Accept, and putting it in an internal table (MAC - IP)
> 3. Serving that exact IP via DHCP when the subscriber asks for a lease.
>
> I don't know of an AP that does that, though.
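The AP behaviour discussed in the two messages above (Framed-IP-Address taken from the Access-Accept into a MAC-to-IP table, that address offered on DHCP, and a DHCPDISCOVER from an unknown MAC forwarded to the DS), as an added sketch that is not part of any poster's message or of FreeRADIUS. The class and function names and the sample packet are constructed for illustration, and the code assumes the AP's RADIUS client has already verified the Response Authenticator.

```python
import ipaddress
import struct

ACCESS_ACCEPT = 2        # RADIUS packet code (RFC 2865)
FRAMED_IP_ADDRESS = 8    # RADIUS attribute type (RFC 2865)
# Values that mean "user chooses" / "NAS chooses", i.e. no fixed address.
NO_FIXED_ADDRESS = {0xFFFFFFFF, 0xFFFFFFFE}

def framed_ip_from_accept(packet: bytes):
    """Return the Framed-IP-Address of an Access-Accept as str, or None.

    Assumes the Response Authenticator was already verified by the
    AP's RADIUS client; this function only walks the attribute list.
    """
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        if atype == FRAMED_IP_ADDRESS and alen == 6:
            value = int.from_bytes(packet[pos + 2:pos + 6], "big")
            return None if value in NO_FIXED_ADDRESS else str(ipaddress.IPv4Address(value))
        pos += alen
    return None

class LeaseTable:
    """MAC -> IP table of the hypothetical AP (names are illustrative)."""
    def __init__(self):
        self._by_mac = {}

    def on_access_accept(self, mac: str, packet: bytes):
        ip = framed_ip_from_accept(packet)
        if ip is not None:
            self._by_mac[mac.lower()] = ip

    def on_dhcpdiscover(self, mac: str):
        ip = self._by_mac.get(mac.lower())
        return ("offer", ip) if ip is not None else ("forward", None)

def sample_accept(ip="192.168.1.50"):
    """Constructed Access-Accept: Reply-Message "ok" + Framed-IP-Address."""
    attrs = bytes([18, 4]) + b"ok" + bytes([8, 6]) + ipaddress.IPv4Address(ip).packed
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs
```

Keying the table on the MAC of the authenticated 802.1X session, rather than on anything taken from the DHCP packet alone, is what ties the offered address to the RADIUS identity.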
Re: FreeRADIUS - 802.1x WPA-TKIP, WPA2-AES settings
Damjan [EMAIL PROTECTED] wrote:
> A clever AP could support this:
> 1. Serving DHCP to the wireless network only
> 2. Getting the Framed-IP-Address from the radius Access-Accept, and putting it in an internal table (MAC - IP)
> 3. Serving that exact IP via DHCP when the subscriber asks for a lease.

Or, write a dhcp2radius protocol translator. When the wireless client does DHCP, have it forward the request to the RADIUS server, which assigns an IP address.

It shouldn't be too hard to get a quick dirty hack together.

Alan DeKok.
Re: FreeRADIUS - 802.1x WPA-TKIP, WPA2-AES settings
Thanks Artur and Alan.

> http://www.freeradius.org/doc/
>
> FreeRADIUS has no connection to any DHCP server. They are always completely independent.

I have not built the RADIUS server yet, i will use Redhat or Mandrake Linux to build one (I am very new to Linux world, that is why I need to have much DOC and clear instruction/steps as much as possible).

However, how to direct or tell the authenticated Radius client/station go to get the IP address from the DHCP server, in other words, is in the RADIUS server where to indicate the DHCP server IP address (or point to my DSL router 192.168.1.1).

Thanks
Timolthy [EMAIL PROTECTED]
Re: FreeRADIUS - 802.1x WPA-TKIP, WPA2-AES settings
hi

> However, how to direct or tell the authenticated Radius client/station go to get the IP address from the DHCP server, in other words, is in the RADIUS server where to indicate the DHCP server IP address (or point to my DSL router 192.168.1.1).

no. radius is used till to the point when the authenticating station gets access to the network. if it helps, you can compare it to a (somehow controlled) plugging into the network plug: from the point you plug a station in, it is up to the station to send DHCPDISCOVER messages and to interpret the offers from the servers. in the case of 802.1X and radius, the station does exactly the same as it would do if you just plugged it in.

now, if you wanted to make a logical link between the authenticated station/user and the assigned IP address, you would have to go farther (e.g. execute a script every time a new station connects which reconfigures your DHCP server to assign a chosen IP address to the seen MAC address etc.)

ciao
artur
Re: FreeRADIUS - 802.1x WPA-TKIP, WPA2-AES settings
Timolthy Keithy [EMAIL PROTECTED] wrote:
> Are there any instruction, step-by-step on how to build the RADIUS server for WPA and WPA2 (802.11a/b/g).

http://www.freeradius.org/doc/

> And would there be possible to install the RADIUS server separate from DHCP server? if yes, how to?

FreeRADIUS has no connection to any DHCP server. They are always completely independent.

Alan DeKok.
Re: FreeRADIUS - 802.1x WPA-TKIP, WPA2-AES settings
hi

> Are there any instruction, step-by-step on how to build the RADIUS server for WPA and WPA2 (802.11a/b/g).

yes, there are. today, it should work out of the box (well, there is no box, but still). the good news from the pov of the radius server is that all these things you mentioned are transparent for it; the AP has to do a/b/g and WPA/WPA2 from the keying information received from the server (that may be kind of half true, because at least WPA2 is not yet released and thus half ready). in any case, if you have an AP you bought recently, it should work with FR directly.

> And would there be possible to install the RADIUS server separate from DHCP server? if yes, how to?

hmm? yes, the two instances have no relation to each other whatsoever. you install the first and then the second.

just for the case: no, it is NOT possible to assign IP addresses by 802.1X; you have to do DHCP after the authentication (yes, it is strange).

> the Client is Windows XP, which has support for 802.1x client.

true, and it should work, PEAP/MS-CHAPv2 and TLS are supported by FR.

ciao
artur