[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] radius

I do not have experience with radius, but I did have the same problem. I created an access list for the airport (airport admin utility) via MAC addresses. It was time consuming, and I'm sure there is a guru out there that knows an easier way, but then I exported the list and imported it into all the other airports. This kept only the appropriate computers from using the federally purchased equipment. All the other non-federal airports are set up as bridges, and the MAC address is in the dhcp server. No entry in the server, no access to the network. Haven't had any problems yet with kids putting in statics yet....
Hope this helps.

Mike Rambo wrote:

I hope this doesn't sound stupid (but even if it does...).

I've never dealt with radius before. The legislature here has voted
money to put laptops with wireless access in the hands of all 6th
graders in the state. I won't mention anything about how the equipment
is routinely trashed by the students in the building experimentally
running this program already (oops - let the cat out of the bag ;). In
any case, certain things are not funded by the program. One example is a
process to secure our networks against every tom, dick, and harry that
wanders near the required wireless access points with their own wireless
device. Anyway, enough of the background...

I've been searching for information about radius. None of us here have
any past experience with it but we need to set something up. I have
freeradius running. I have a cisco AP350 wireless access point working.
I have a wireless iBook to play with. I've googled everything I can
think of but the info I've found is pretty sketchy at best. I think my
biggest problem is understanding the process that is supposed to occur
so I can configure everything.

Can anyone describe the steps in the authentication process when a
wireless client comes online from the client through the AP, to the
radius server? I've been told they want the authentication to be by mac
address rather than a user logon (if that is even possible - seems like
all the docs for radius talk about authenticating by user realm). Seems
to me it might be easier to set up a dhcp server and control routing of
ip's associated with given mac addresses but that would involve machines
at all wireless locations and they want all access to be centralized. I
think I'm stuck configuring freeradius but since I'm not sure what's
supposed to happen I'm at a loss for what to do next.

Thanks for any help you can provide.

-- Mark Gumprecht Data Systems Specialist MSAD#3 Unity, Maine 04988 Gumprechtm msln net

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]