> The assumption made here is that the authenticator is the AP. > I believe things would be much easier and still safe if one > authenticator would control a group of APs and not just be > one itself. This group of APs could be a subnet or a smaller > group, but at least within this group the handoff would be > much faster. The authenticator would act in the same way > except that it would do the job for a group of APs and not > for just one. If this would be done than all the questions > above would have their answers. What is your opinion?
This is how some of the switched wireless systems work. However, if you roam from an AP on one switch to an AP on another switch, you still have the same issue. It reduces the volume of traffic but doesn't make it disappear altogether. You can also reduce the amount of reauthentication traffic if your supplicant, authenticator and authentication server all support Session Resumption. This works on the premise that at the point where the Session-Timeout times out, if the supplicant and the authenticator both know the master key, then there's no need to trouble the authentication server. Normally, there is a time and/or number of reauthentications limit on this process before a complete reauthentication has to take place. Regards, Guy > > Andrea > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > This e-mail is private and may be confidential and is for the intended recipient only. If misdirected, please notify us by telephone and confirm that it has been deleted from your system and any copies destroyed. If you are not the intended recipient you are strictly prohibited from using, printing, copying, distributing or disseminating this e-mail or any information contained in it. We use reasonable endeavours to virus scan all e-mails leaving the Company but no warranty is given that this e-mail and any attachments are virus free. You should undertake your own virus checking. The right to monitor e-mail communications through our network is reserved by us. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html