On 11/26/2011 11:49 PM, Mr Dash Four wrote:
so it is, you can only protect your AP client with the shared secret
key.
Not necessarily. If the switch to which the WAP is connected supports
802.1x, it could act as a NAS and authenticate the WAP with EAP/TLS.
By WAP I take it you mean the wireless client, right? If so, this is
No. WAP == Wireless Access Point.
indeed the case - the client will be a Linux-based device with
wpa_supplicant and a driver which supports nl80211/cfg80211, so I can
configure - at least on the client's part - EAP-TTLS/EAP-TLS
authentication. My aim is to do the same on AP and RADIUS, which is the
point of actually starting this thread as my "experience" with RADIUS is
nil.
So you keep saying. I note however that it doesn't stop you from making
judgements on its security, and you're getting a lot of stick for that
(from me and others).
Seriously - it's good you want to learn. But why not do that first, then
ask questions based on the knowledge you've acquired and, hopefully,
understood? If you're missing basic terms like "WAP" i.e. a Wireless
Access Point, then I've got to say, you've got some work to do on the
fundamentals...
In brief, Ian was suggesting it's possible for the wireless AP to act as
an 802.1x client to the upstream ethernet switch (if that's the
topology). This is correct, but not IMO relevant to your concerns
(however misguided) or questions.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
