Radius Server - Re: Authenticating EAP-TLS and PEAP on same RADIUS for different S

This is Interesting: Free IT Magazines  
Home > Archive > Radius Server > February 2007 > Re: Authenticating EAP-TLS and PEAP on same RADIUS for different S





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Re: Authenticating EAP-TLS and PEAP on same RADIUS for different S
rt-seb

2007-02-12, 1:17 pm

Hello Rainer,

"Rainer Sinsch" wrote:

> Hi Sebastian,
>
>
> This is the case. Every SSID broadcasts a different VLAN with a different
> subnet.
>
>
> I don't think this will work, because the radius-client is the AP
> management-interface, which belongs to the management subnet. Perhaps I
> missed to explain this in detail, but my scenario is based on access points
> with multiple WLAN/SSIDs and I need different authentication types on
> different SSIDs.
>
>
> As mentioned above: The RADIUS client is the same, no matter if it is SSID#1
> or SSID#2.
>
>
> I am afraid that this is not possible. The RADIUS client is always the AP
> management interface, or - in controller environments - the wireless lan
> controller.
>
Okay, I understand that issue.
Some APs are able to send VSAs incl. the SSID, but that won't help because
the IAS has no appropriate condition filter for applying RAS policies.

One way could be to have an IAS extension that evaluates the VSAs and
the remaps an SSID to a value of an attribute the IAS can match
(e.g. map SSID to NAS-Identifier or Service-Type).

Sebastian
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com