-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 El 2008-01-10 a las 20:37 +0100, csalinux escribió:
Lo que falta es decir que campos quieren que se definan en el radius.
Wireless - RADIUS Setting This section allows you to set up additional parameters for authorizing wireless clients through RADIUS server. It is required while you select "Authentication Method" in "Wireless - Interface" as "WPA-ENTERPRISE/WPA2-ENTERPRISE" or "Radius with 802.1x". Server IP Address: IP address of de radious server Server Port: 1812 UDP port or the radius server Connection Secret: ¿Contraseña del servidor radius :P ?
Eso lo sé. Lo que no sé es que quieren que defina en el servidor radius, que no es lo de arriba. ¿Parejas de login/pass? http://en.wikipedia.org/wiki/802.1x Some vendors are implementing 802.1X for wireless access points, to be used in certain situations where an access point needs to be operated as a closed access point, addressing the security vulnerabilities of WEP (see 802.11i). The authentication is usually done by a third-party entity, such as a RADIUS server. This provides for client-only authentication, or more appropriately, strong mutual authentication using protocols such as EAP-TLS. ... Upon detection of the new client (supplicant), the port on the switch (authenticator) will be enabled and set to the "unauthorized" state. In this state, only 802.1X traffic will be allowed; other traffic, such as DHCP and HTTP, will be blocked at the data link layer. The authenticator will send out the EAP-Request identity to the supplicant, the supplicant will then send out the EAP-response packet that the authenticator will forward to the authenticating server. The authenticating server can accept or reject the EAP-Request; if it accepts the request, the authenticator will set the port to the "authorized" mode and normal traffic will be allowed. When the supplicant logs off, he will send an EAP-logoff message to the authenticator. The authenticator will then set the port to the "unauthorized" state, once again blocking all non-EAP traffic. Todo eso necesita configuración apropiada en el radius. - -- Saludos Carlos E.R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFHhoOUtTMYHG2NR9URAqViAJ0e34QgUiQ/ON+eKE5ZxSLiLOluugCggR27 NUMOi6oCWXcMtP0K+5DMVeI= =ugkI -----END PGP SIGNATURE-----