26 Nov
2011
26 Nov
'11
6:49 p.m.
so it is, you can only protect your AP client with the shared secret key.
Not necessarily. If the switch to which the WAP is connected supports 802.1x, it could act as a NAS and authenticate the WAP with EAP/TLS.
By WAP I take it you mean the wireless client, right? If so, this is indeed the case - the client will be a Linux-based device with wpa_supplicant and a driver which supports nl80211/cfg80211, so I can configure - at least on the client's part - EAP-TTLS/EAP-TLS authentication. My aim is to do the same on AP and RADIUS, which is the point of actually starting this thread as my "experience" with RADIUS is nil.