Robert J. Berger writes: > Is there a way to configure an 802.1x Access Point / Authenticator so that > it can support both 802.1x clients and captive portal clients?
The cleanest way to support this is for the AP to advertise multiple "Virtual APs". One "Virtual AP" would advertise Open Auth, and another one would advertise, say, WPA. To the station this appears like there are different APs offering distinct capabilities, either with the same SSID or different SSIDs. Using this approach, the legacy station will associate to the Open Auth "Virtual AP" and do Web portal auth; the WPA station will associate with the WPA "Virtual AP". If desired, the two "Virtual APs" can utilize separate VLANs for isolation, but this is not required. Everyone is happy -- and there are no required changes to the station. The following specification describes the various ways that Virtual APs can be implemented and recommends a single mechanism (multiple BSSIDs) that provides the best flexibility and backward compatibility. Many of the new chipsets support this approach, but not all: http://www.drizzle.com/~aboba/IEEE/11-03-154r1-I-Virtual-Access-Points.doc > Looks like there are going to be lots of computers that will not have 802.1x > supplicant software for a while. Microsoft offers 802.1X support for Windows XP, and Windows 2000 as well as NT 4, Windows ME, 98 and 98SE. See: http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/8021xclient.asp Additional Microsoft 802.1x Authentication Client packages for Windows 98 and Windows NT 4.0 Workstation are available through the Microsoft Premier and Alliance Support organizations to customers with Premier and Alliance support contracts. For details about obtaining the clients, please contact your Technical Account Manager (TAM). Microsoft 802.1x Authentication Client packages for Windows 98 and Windows NT 4.0 Workstation are not available for redistribution. IEEE 802.1X clients available from other vendors include: http://www.80211-planet.com/news/article.php/975701 http://www.80211-planet.com/news/article.php/1025441 http://www.interepoch.com.tw/ProductSpec/Software/Ieee8021xClientSpec.htm > Is this even possible? Yes, it is possible. This is not an issue with IEEE 802.1X -- it is purely an AP (and possibly a chipset) issue. -- general wireless list, a bawug thing <http://www.bawug.org/> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
