hi
TKIP is the encryption method used on the wireless link. radius is designed to be independent of the access technology used by the NAS.
in other words, TKIP is something which is not known to the radius server - by design. the radius server will - if available - provide the NAS (802.11 access point in that case) with the "raw" key material. however it is up to the NAS to derive the necessary keys from it.
you configure the NAS to use TKIP on the link. freeradius is automatically configured in a way that will derive and attach key material to the access-accept message sent to the solicited NAS. you can see the MPPE-*** attributes in the access-accept message in the full log (radiusd -s -X)
ciao artur
Dani Camps wrote:
I want to set up a secure wlan using EAP-PEAP as authentication method and Radius as a authentication server, in the AP I choose TKIP encryption, but I think TKIP needs to renew the keys used, and I think is the Radius server the one that has to create the keys and pass them to the AP, is this true ?
In that case how to configure Radius to use TKIP ?
Any of you have experience in this set up, wlan with EAP-PEAP authentication in a Radius server and using TKIP for encryption ?
Thanks !
__________________________________ Do you Yahoo!? Meet the all-new My Yahoo! - Try it today! http://my.yahoo.com
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
