On Thu, 18 Nov 2004, Andrea G. Forte wrote: > The assumption made here is that the authenticator is the AP. I believe > things would be much easier and still safe if one authenticator would > control a group of APs and not just be one itself. This group of APs > could be a subnet or a smaller group, but at least within this group the > handoff would be much faster. The authenticator would act in the same > way except that it would do the job for a group of APs and not for just > one.
Thats pretty much what "Wireless Domain Services" (WDS) on the Cisco Aironet APs does. One of the APs does the direct communication to the radius server and then caches that for its client APs. Take a look at: http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c951f.shtml Joe Matuscak Rohrer Corporation 717 Seville Road Wadsworth, Ohio 44281 (330)335-1541 [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
