Nolan King wrote:
This is the manufacturer of the "broken AP" http://skypilot.trilliantinc.com/
Skypilot was an indie manufacturer, recently purchased by trilliant. not sure who makes their hardware now- the tdm, one radio-many antennas approach has worked well for my muni mesh. they used to have a forum where i whined about the lack of EAP-TLS support to no avail, i think the forum is dead since the trilliant purchase.
wireless security, 802.1x mentioned in these docs: http://skypilot.trilliantinc.com/pdf/wp_WirelessSecurity.pdf http://skypilot.trilliantinc.com/pdf/ds_SkyExtenderPlus.pdf
only mention i could find specifically excluding EAP-TLS method is here, on page 25: http://skypilot.trilliantinc.com/support/documents/SkyAccess_DualBand_Instal...
It takes a special kind of dedication to make PEAP work, but to break EAP-TLS. i.e. you have to write *extra* code in the AP to look for EAP-TLS. Then, you have to do something different from PEAP. If the AP manufacturer instead supported EAP (*any* kind), then PEAP would work. TTLS would work. TLS would work. EAP-FAST would work. I've seen RADIUS servers that do this kind of thing (Merit). It's good for everyone that no one uses those products any more. Alan DeKok.