Re: Radius attributes and APs
Alan DeKok escribió: David Mitton wrote: The problem with compiling such a list is acquiring the equipment to test. Adding up everyone on this list, we can probably account for most networking equipment sold in the past 10 years. The problem is getting that information out, and into the public arena. I discovered that the Linksys didn't honor Session-Timeouts when I captured it screwing up EAP-POTP sessions in progress, despite our RADIUS server providing Session-Timeout values in every EAP exchange. I think it's actually not properly implementing the 802.1x state machine in it's timeout behavior. I've updated the Wiki with a pointer to this message. :) I can't this link in the wiki. Can you put here the link to the specific url in the wiki? Thanks. The only AP that I know that works for everything I throw at it, during development, is the Cisco Aironet 1200 series. The only problem is that it's not cheap. But it works for me, so I don't try others. I've updated the Wiki with that information, too. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- - Manuel Sanchez Cuenca Departamento de Ingenieria de la Informacion y las Comunicaciones Facultad de Informatica. Universidad de Murcia Campus de Espinardo - 30080 Murcia (SPAIN) Tel.: +34-968-364644Fax: +34-968-364151 email: [EMAIL PROTECTED] | [EMAIL PROTECTED] url: http://libra.inf.um.es/~lolo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius attributes and APs
I'm all up for that and I'll add my contribution to the wiki of the AP's I've encountered. On 11/25/06, David Mitton [EMAIL PROTECTED] wrote: On 11/23/2006 02:09 PM, Alan DeKok wrote: Manuel Sanchez Cuenca wrote: Alan DeKok escribió: Do you have a more specific question? But not all APs enforce the Radius attributes. For example the Linksys wrt54g doesn't takes into account the session timeout attribute. So, can you tell me any AP which enforces this attribute, and others? If there was such a list, it would be up on freeradius.org, or on the wiki. That is, you're asking on the FreeRADIUS list about NAS documentation. I suggest picking an AP, and then reading its documentation to see if it supports the attributes, or asking the NAS vendor. Alan DeKok. -- The problem with compiling such a list is acquiring the equipment to test. Most of us just buy a couple APs and live with with we get. I discovered that the Linksys didn't honor Session-Timeouts when I captured it screwing up EAP-POTP sessions in progress, despite our RADIUS server providing Session-Timeout values in every EAP exchange. I think it's actually not properly implementing the 802.1x state machine in it's timeout behavior. And I didn't go looking for this. It was brought to my attention when someone else had a problem. The only AP that I know that works for everything I throw at it, during development, is the Cisco Aironet 1200 series. The only problem is that it's not cheap. But it works for me, so I don't try others. Dave. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius attributes and APs
=?ISO-8859-1?Q?Manuel_S=E1nchez_Cuenca?= [EMAIL PROTECTED] wrote: I can't this link in the wiki. Can you put here the link to the specific url in the wiki? I put the information on the Linksys and Cisco pages. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius attributes and APs
David Mitton wrote: The problem with compiling such a list is acquiring the equipment to test. Adding up everyone on this list, we can probably account for most networking equipment sold in the past 10 years. The problem is getting that information out, and into the public arena. I discovered that the Linksys didn't honor Session-Timeouts when I captured it screwing up EAP-POTP sessions in progress, despite our RADIUS server providing Session-Timeout values in every EAP exchange. I think it's actually not properly implementing the 802.1x state machine in it's timeout behavior. I've updated the Wiki with a pointer to this message. :) The only AP that I know that works for everything I throw at it, during development, is the Cisco Aironet 1200 series. The only problem is that it's not cheap. But it works for me, so I don't try others. I've updated the Wiki with that information, too. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius attributes and APs
On 11/23/2006 02:09 PM, Alan DeKok wrote: Manuel Sanchez Cuenca wrote: Alan DeKok escribió: Do you have a more specific question? But not all APs enforce the Radius attributes. For example the Linksys wrt54g doesn't takes into account the session timeout attribute. So, can you tell me any AP which enforces this attribute, and others? If there was such a list, it would be up on freeradius.org, or on the wiki. That is, you're asking on the FreeRADIUS list about NAS documentation. I suggest picking an AP, and then reading its documentation to see if it supports the attributes, or asking the NAS vendor. Alan DeKok. -- The problem with compiling such a list is acquiring the equipment to test. Most of us just buy a couple APs and live with with we get. I discovered that the Linksys didn't honor Session-Timeouts when I captured it screwing up EAP-POTP sessions in progress, despite our RADIUS server providing Session-Timeout values in every EAP exchange. I think it's actually not properly implementing the 802.1x state machine in it's timeout behavior. And I didn't go looking for this. It was brought to my attention when someone else had a problem. The only AP that I know that works for everything I throw at it, during development, is the Cisco Aironet 1200 series. The only problem is that it's not cheap. But it works for me, so I don't try others. Dave. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius attributes and APs
Manuel Sánchez Cuenca wrote: Can anybody tell me any Access Point which understand and enforce some radius attributes returned by freeradius, such as Session-Timeout. Access points implement RADIUS, so they understand RADIUS attributes. Do you have a more specific question? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius attributes and APs
Alan DeKok escribió: Manuel Sánchez Cuenca wrote: Can anybody tell me any Access Point which understand and enforce some radius attributes returned by freeradius, such as Session-Timeout. Access points implement RADIUS, so they understand RADIUS attributes. Do you have a more specific question? But not all APs enforce the Radius attributes. For example the Linksys wrt54g doesn't takes into account the session timeout attribute. So, can you tell me any AP which enforces this attribute, and others? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius attributes and APs
Manuel Sanchez Cuenca wrote: Alan DeKok escribió: Do you have a more specific question? But not all APs enforce the Radius attributes. For example the Linksys wrt54g doesn't takes into account the session timeout attribute. So, can you tell me any AP which enforces this attribute, and others? If there was such a list, it would be up on freeradius.org, or on the wiki. That is, you're asking on the FreeRADIUS list about NAS documentation. I suggest picking an AP, and then reading its documentation to see if it supports the attributes, or asking the NAS vendor. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
