Christopher R. Hertel wrote:
* Bluesocket supports more than just Radius or LDAP authentication.  It
could pass 802.1x authentication packets transparently.
    

Um... I've talked to some of the 802.1x folks and they are very clear that
802.1x traffic should *not* pass through the AP.  Personally, I think
that's impractical, but the reasoning is sound.  The thinking is that the
AP is a layer2 device and that 802.1x is a layer2 protocol.  Ah, well.
  
802.1x traffic should NOT pass through the AP.  What I said is that 802.1x can pass through Bluesocket.  In this case, the link between the authenticator (AP) and the authentication server (Radius Server) is transparent, even though the Bluesocket box sits between them.

FYI,  here's the authentication process of 802.1x:
  • The client may send an EAP-start message.
  • The access point sends an EAP-request identity message.
  • The client's EAP-response packet with the client's identity is "proxied" to the authentication server by the authenticator. 
  • The authentication server challenges the client to prove themselves and may send its credentials to prove itself to the client (if using mutual authentication).
  • The client checks the server's credentials (if using mutual authentication) and then sends its credentials to the server to prove itself.
  • The authentication server accepts or rejects the client's request for connection.
  • If the end user was accepted, the authenticator changes the virtual port with the end user to an authorized state allowing full network access to that end user.
  • At log-off, the client virtual port is changed back to the unauthorized state.
http://www.computerworld.com/mobiletopics/mobile/story/0,10801,79995,00.html

*  Bluesocket also supports more detailed controls such as those based
on user, role, location, port.
    

Curious...  I've heard people talk about this (we've talked with the
Reefedge folks about their product, which we liked) but I don't know of
any practical applications.  How would you use this?  (Probably obvious
but I haven't thought it through.)

  
Here's an example: if we would like faculty to have access to the wireless network 24 X 7 but we don't want students to use wireless laptops to surf unrelated web pages during class hours in classrooms, we can use the fine-grained control features of Bluesocket to implement that.  All we have to do is define different objects (roles, users, locations, destinations, schedules, etc.) and apply rules/policies with them.
--

-------------------------------------
Sean(Xiangdong) Che
Network Engineer
Network Services
Wayne State University
Voice:  (313)577-1922
Pager:  (313)990-5403
Email:  [EMAIL PROTECTED]
-------------------------------------
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/cg/.
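
The 802.1x steps listed in the message above, as an added Python sketch that is not part of the original post or any vendor's code: it models the authenticator's virtual port so you can see that data traffic is dropped until the server accepts the client and again after log-off. The class names, the `EAP-Request/Challenge` and `EAP-Response/Credential` labels and the sample user are simplifying assumptions, and mutual authentication is left out.

```python
from enum import Enum

class Port(Enum):
    UNAUTHORIZED = "unauthorized"
    AUTHORIZED = "authorized"

class AuthServer:
    """Stand-in for the RADIUS server; the user table is constructed sample data."""
    def __init__(self, users):
        self.users = users

    def handle(self, identity, credential=None):
        if credential is None:                      # identity only: challenge the client
            return "EAP-Request/Challenge"
        ok = self.users.get(identity) == credential
        return "EAP-Success" if ok else "EAP-Failure"

class Authenticator:
    """Access point: proxies EAP to the server and gates the client's virtual port."""
    def __init__(self, server):
        self.server = server
        self.port = Port.UNAUTHORIZED               # ports start closed
        self.identity = None

    def receive(self, frame, payload=None):
        if frame == "EAPOL-Start":
            return "EAP-Request/Identity"
        if frame == "EAP-Response/Identity":
            self.identity = payload
            return self.server.handle(payload)      # proxied, not decided locally
        if frame == "EAP-Response/Credential":
            verdict = self.server.handle(self.identity, payload)
            self.port = Port.AUTHORIZED if verdict == "EAP-Success" else Port.UNAUTHORIZED
            return verdict
        if frame == "EAPOL-Logoff":
            self.port = Port.UNAUTHORIZED
            return None
        # Anything else is ordinary data traffic: it passes only on an authorized port.
        return "forwarded" if self.port is Port.AUTHORIZED else "dropped"

def run_session(ap, identity, credential):
    """Drive the client side of the exchange and return the resulting port state."""
    ap.receive("EAPOL-Start")
    ap.receive("EAP-Response/Identity", identity)
    ap.receive("EAP-Response/Credential", credential)
    return ap.port
```
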
