>-----Original Message----- >From: John Scrivner [mailto:[EMAIL PROTECTED] >Sent: Friday, March 2, 2007 02:19 PM >To: 'WISPA General List' >Subject: [WISPA] School wants authentication > >I have a customer who is a high school. They have fiber run to switches >in 10 buildings. All of those buildings are connected through one giant >private class B via a DHCP server. We serve wireless to 100% of the >campus, indoors and out, over this same network with several bridged APs >(all certified and not exceeding any power rules - I promise).
>> Please tell me you are routing between the wired and wireless segments. They >would like authentication of users. I tried setting WPA2 with Radius >Auth and created a mess. Every time the AP signal would hand off from >one AP to another (which happens every couple of minutes or more often) >the system would force re-authentication. It is a bit of a mess. >Configuration of Windows XP for Radius Auth on WPA2 reminds me of the >bad old days of having to tweak Trumpet Winsock or dealing with Windows >Dial-up Adapter version 1.0. > >We had another issue with the APs just constantly forcing >re-authentication via Radius. We have opted for WPA2 Passphrase to >deliver AES encryption for now. This still leaves us with the >authentication issue. They currently have a DHCP server with zero >logging of users. People just connect and get an IP. It is a mess. I >want to propose a better solution. > >I would like to see an authentication solution via a hotspot portal or >equivalent which would force credentials be delivered by a user before >any user has access to anything via wired or wireless network. Does >anyone know a good way to do this? I have many ideas but I have never >really done this and I would like to hear what others would propose to >see if my ideas mesh or not. It is also good to see how others handle >this type of situation. I am leaning to a Mikrotik hotspot gateway which >I think will do it all. What say the rest of you? >Scriv > >> If they have Windows Server 2003, and the AP's support it, MS CHAP with PEAP >> works well for secure access. Since generally deploy Cisco Airespace, we >> can use the built in hotspot functionality for guest and other access. > -- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
