Re: R: R: R: R: system architecture
On 25 Nov 2002, at 12:04, Maurizio Martinoli wrote:

From: "Maurizio Martinoli" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: R: R: R: R: system architecture
Send reply to: [EMAIL PROTECTED]
Date sent: Mon, 25 Nov 2002 12:04:23 +0100

> I am only talking about the authentication, I am not talking
> about the transferred data, don't worry. If the AP works just as
> a HUB what kind of machine should I have between the AP and the
> RADIUS?

hbh>> At min... If the AP is local to the Radius Server, i.e., on the same LAN, then a HUB or Switch. If remote, then a Router or wireless gateway to some infrastructure (RF/T1 etc), to physical location of Radius. More complex topologies will include a FW between the AP and Radius.

bernie
[EMAIL PROTECTED]

> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On behalf of Simon White
> > Sent: Monday, 25 November 2002 11:59
> > To: [EMAIL PROTECTED]
> > Subject: Re: R: R: R: system architecture
> >
> > 25-Nov-02 at 11:51, Maurizio Martinoli
> > ([EMAIL PROTECTED]) wrote :
> > > well if my AP does not support RADIUS then there should be a
> > > middle machine that takes the packets from the AP,
> > > encapsulates them in RADIUS format and sends them to the
> > > RADIUS server. What I don't understand is what kind of
> > > software this machine should have.
> > > Could you tell me?
> >
> > Eh?
> >
> > You're missing the point of authentication I think. You are
> > surely not going to authenticate EVERY packet via Radius are
> > you? You usually use authentication to determine whether
> > someone even gets an IP to be able to use the network in the
> > first place, you can't send every packet through some kind of
> > approval server...!
> >
> > --
> > |-Simon White, Internet Services Manager, Certified Check Point CCSA.
> > |-MTDS Internet, Security, Anti-Virus, Linux and Hosting Solutions.
> > |-MTDS 14, rue du 16 novembre, Agdal, Rabat, Morocco.
> > |-MTDS tel +212.3.767.4861 - fax +212.3.767.4863

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: R: R: R: R: system architecture
25-Nov-02 at 12:04, Maurizio Martinoli ([EMAIL PROTECTED]) wrote :

> I am only talking about the authentication, I am not talking about the
> transferred data, don't worry.
> If the AP works just as a HUB what kind of machine should I have between
> the AP and the RADIUS?

Depends on the AP, no? Doesn't your vendor have a solution? You still haven't told us who the vendor is.

You could put a dhcp server which only gives IPs to mac addresses (but then you're not authenticating to username/password but just mac address which can be spoofed). Maybe a dhcp server exists that will authenticate via Radius and then give an IP, checking mac address as well. But really you also need key exchanges to be sure that the client can be allowed. Maybe Radius isn't the best solution.

Most of all, be more specific about your setup and what you are trying to achieve.

I'm not an expert on wireless so I'm not going to say any more, for risk of being totally wrong.

--
|-Simon White, Internet Services Manager, Certified Check Point CCSA.
|-MTDS Internet, Security, Anti-Virus, Linux and Hosting Solutions.
|-MTDS 14, rue du 16 novembre, Agdal, Rabat, Morocco.
|-MTDS tel +212.3.767.4861 - fax +212.3.767.4863
R: R: R: R: system architecture
I am only talking about the authentication, I am not talking about the transferred data, don't worry.
If the AP works just as a HUB what kind of machine should I have between the AP and the RADIUS?

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On behalf of Simon White
> Sent: Monday, 25 November 2002 11:59
> To: [EMAIL PROTECTED]
> Subject: Re: R: R: R: system architecture
>
> 25-Nov-02 at 11:51, Maurizio Martinoli
> ([EMAIL PROTECTED]) wrote :
> > well if my AP does not support RADIUS then there should be a middle
> > machine that takes the packets from the AP, encapsulates them in RADIUS
> > format and sends them to the RADIUS server. What I don't understand is
> > what kind of software this machine should have.
> > Could you tell me?
>
> Eh?
>
> You're missing the point of authentication I think. You are
> surely not going to authenticate EVERY packet via Radius are
> you? You usually use authentication to determine whether
> someone even gets an IP to be able to use the network in the
> first place, you can't send every packet through some kind of
> approval server...!
>
> --
> |-Simon White, Internet Services Manager, Certified Check Point CCSA.
> |-MTDS Internet, Security, Anti-Virus, Linux and Hosting Solutions.
> |-MTDS 14, rue du 16 novembre, Agdal, Rabat, Morocco.
> |-MTDS tel +212.3.767.4861 - fax +212.3.767.4863
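
Added example, not part of any message in this thread: what a RADIUS client (NAS) placed between the AP and the server sends, once per login rather than once per data packet. It builds an RFC 2865 Access-Request with the User-Password hidden under the shared secret; the user name, password, MAC address and secret used with it are constructed sample values.

```python
import hashlib
import os
import struct

ACCESS_REQUEST = 1                                        # RFC 2865 packet code
USER_NAME, USER_PASSWORD, CALLING_STATION_ID = 1, 2, 31   # attribute types

def _xor_blocks(data, secret, authenticator, chain_on_output):
    """XOR each 16-byte block with MD5(secret + previous hidden block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        out += block
        # The chain always runs over the hidden (wire) form of the block.
        prev = block if chain_on_output else data[i:i + 16]
    return out

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: pad to 16 bytes, then hide under the shared secret."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    return _xor_blocks(padded, secret, authenticator, True)

def unhide_password(hidden, secret, authenticator):
    """Server side: recover the password with the same shared secret."""
    return _xor_blocks(hidden, secret, authenticator, False).rstrip(b"\x00")

def _attr(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_access_request(ident, user, password, mac, secret, authenticator=None):
    """One Access-Request per login attempt: header, authenticator, attributes."""
    authenticator = authenticator or os.urandom(16)
    attrs = (_attr(USER_NAME, user)
             + _attr(USER_PASSWORD, hide_password(password, secret, authenticator))
             + _attr(CALLING_STATION_ID, mac))   # client MAC: an identifier only
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs

def parse_packet(packet):
    """Return (code, identifier, authenticator, {type: value}); reject bad lengths."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 20:
        raise ValueError("length field does not match packet")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return code, ident, packet[4:20], attrs
```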