> --- On Fri 05/30, Robert J. Berger < [EMAIL PROTECTED] > wrote: > Is there a way to configure an 802.1x Access Point / Authenticator > so that it can support both 802.1x clients and captive portal clients? > Looks like there are going to be lots of computers that will not > have 802.1x supplicant software for a while.
AFAIK only Win98 and Win95 systems dont have the supplicant. Win XP has it built-in and for Win 2K you can download a patch from the microsoft website. There are companies that sell supplicants (meetinghouse, funk etc) and I think there are some WLAN card manufacturers whose client has the supplicant built-in (Cisco ACU I think). > It would seem that an access point could concievably have a mode > where all non authenticated http packets get redirected to a specified > web server address. The web server could then authenticate the user > and then communicate back to the Access Point Authenticator to allow > the client to have full access (it could practiculaly emulate the client > suplicant). Colubris has a product which seems to support (atleast thats what I understand from the diagram): http://www.colubris.com/en/products/public_access/CN3000 both 802.1x as well as webpage redirect & username-password, and might be what you are looking for. The Cisco AP allows you to have multiple SSIDs and map each one to a VLAN. The security settings are different for each VLAN-SSID pair and while you can turn off WEP on one of the SSIDs and keep it on the other (even set different WEP keys for each VLAN-SSID pair) I am not sure if you can do that with 802.1x (keep it off only on one SSID). Also, only one SSID will be broadcast, so you need some other way to tell users that there are multiple SSIDs (the 'extra' SSIDs wont show up in the beacons). There are also a number of new WLAN-Switch manufacturers who use thin APs, and should presumably be able to support what you are looking for. On a related note: its usually not a good idea to mix 802.1x and non-802.1x APs in the same network. The network is going to be only as strong as its weakest link! You can turn off 802.1x in all APs, and use a NAS to show a web-page and control access to the network (thats what most hotspots today do) or just use 802.1x across your network. -Puneet _______________________________________________ No banners. No pop-ups. No kidding. Introducing My Way - http://www.myway.com -- general wireless list, a bawug thing <http://www.bawug.org/> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
