[BNM] 802.1x Authentication

[Dave Phelan]

On 8/5/06, Sevan / Venture37 <venture37 at hotmail.com> wrote:
> Doh!
> Just re-read your post, PierToPier does not use IAS, but Chillispot can
> talk to any standard compliant RADIUS server. erm I guess that's IAS out
> of the window then! :)

And we don't use WEP, WPA, or any form of encryption. Or 802.1x. All
the network gatekeeping is done via captive portals, either chilispot
(where we are runnin our own versions of openWRT or pebble) or
nocatsplash (where we have yet to remove hostap).

On 8/5/06, Richard Maynard <rjm at wessexnetworks.com> wrote:
> Has anyone deployed a wireless network using 802.1x authentication against a
> RADIUS server (called IAS on Server 2003) running on Windows Server 2003?
>
> I'd be interested to hear from you if you have... and .... how you did it!
> Centralised key management is a bit lacking with WEP / WPA Personal and not
> an ideal for my larger customers.

You shouldn't really be using WPA personal for any non-home network -
you want to look at proper key management/authentication solutions.
Generally speaking. any upfront cost is going to be deferred by the
expense of touching every client every time you need to change the key
(and if you're not touching every client, then how are you making sure
the shared key isn't getting shared by people you don't want to have
it?

That said, I can't offer any experience on an 802.1x/RADIUS
deployment, much as I would like to ...

Dave Ph
-- 
 Dave Phelan CCIE#3590   ICQ: 50180416    GSM: +44 (0)7776 168561
 dave.phelan at gmail.com                  http://www.davephelan.org
 "I think rock 'n' roll and science fiction were in a
 very real sense all the culture I had."    -- William Gibson.