It depends on the Authenticator. If you have a Hotspot gateway model with unauthenticated association, then yes, two wireless users could use your infrastructure to talk to each other without first authenticating.
Some switch vendors (wireless and wired) offer web based authentication that requires a user to associate into a "walled garden" with no access to anything other than the authenticator. The authenticator then performs the hotspot gateway function (usually somewhat more constrained functionality than the commercial gateway products) doing a web capture. Once the user has entered their credentials and been authenticated and authorized, they are moved into a different VLAN, given a new IP and get full access from there. The added benefit of this model is that *all* communications from user A to user B go through the switch. In a traditional gateway model, without any policy routing on the APs to force traffic in and out of the gateway, traffic from user A to user B will go direct so cannot be accounted. Rgds, Guy > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Marcin Jessa > Sent: 10 March 2005 11:31 > To: freeradius-users@lists.freeradius.org > Subject: Re: About client web authentication > > > I have no idea what you are talking about. > If you mean that WLAN users will be able to talk to eachother > after authentication then yes, that's the whole point of > opening the network. You need to describe your network first. > > > On Thu, 10 Mar 2005 15:56:36 -0800 > "Nurul Faizal M.Shukeri" <[EMAIL PROTECTED]> wrote: > > > > > Tq 4 ur response > > > > But if I do this, wlan user still can access each other. How to > > protect that? Is that mod_auth_radius that I'm looking for? > > > > TQ > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Marcin Jessa > > Sent: Wednesday, March 09, 2005 6:31 PM > > To: freeradius-users@lists.freeradius.org > > Subject: Re: About client web authentication > > > > You need some kind of hotspot server like routeros or > staros. Or you > > can do that with Squid and custom firewalling rules to open > > connections from i.e. PPTP authenticated users. > > > > > > > > On Thu, 10 Mar 2005 09:28:01 -0800 > > "Nurul Faizal M.Shukeri" <[EMAIL PROTECTED]> wrote: > > > > > Hi everyone., > > > > > > Can anyone explain how to deploy client web authentication. I'm > > > using freeradius to authenticate wireless user. For the > time being > > > I'm just installed Aegis or 802.1X built in windows to be > > > supplicant. Anyone, plz help me . > > > > > > TQ very much > > > > > > > > > - > > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > -- > > > > Regards, > > M. Jessa > > Software developer/System Administrator > > http://www.yazzy.org > > > > > > > > > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > -- > > Regards, > M. Jessa > Software developer/System Administrator > http://www.yazzy.org > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > This e-mail is private and may be confidential and is for the intended recipient only. If misdirected, please notify us by telephone and confirm that it has been deleted from your system and any copies destroyed. If you are not the intended recipient you are strictly prohibited from using, printing, copying, distributing or disseminating this e-mail or any information contained in it. We use reasonable endeavours to virus scan all e-mails leaving the Company but no warranty is given that this e-mail and any attachments are virus free. You should undertake your own virus checking. The right to monitor e-mail communications through our network is reserved by us. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
