basic handling of multiple EAP-Methods by freerad

Josh Howlett josh.howlett at bristol.ac.uk
Thu Jun 29 21:11:13 CEST 2006


On 29 Jun 2006, at 17:23, Rainer Brinkmann wrote:
> Hello,
>
> we wonder how a freeradius can request a client to use a fixed EAP-Method:
> so it's defined:
> Client starts with EAP-Start-Msg
> Radius wants EAP-Identity
> Client answers with Username or Hostname NOT using a special EAP-Method
>
> Radius now starts communicating with the first EAP-Packet, using the
> special EAP-Method
>
> Question:
>
> you run in your wireless LAN many SSIDs:
> SSID1 shall use EAP-TTLS
> SSID2 shall use EAP-TLS    (high-secured Net like personal Data)

I'd personally question the assumption that TLS is any more secure  
than TTLS, but if you want to do this it is probably easiest to have  
a single SSID, and allocate a VLAN dynamically depending on whether  
they've used TTLS or TLS.

josh.

> what logic starts the right inner-EAP-Protocol, cause neither the
> AccessPoint(WLAN-Controller), nor the
> radius server know, what Method to use, when there are many enabled.
>
> e.g. on a cisco-Radius, that runs with enabled PEAP and TLS, but there's no
> special attribute defined to control that
>
>
> thanks for reply,
> Rainer Brinkmann
>
> University-Clinicum Hamburg / Germany

Josh Howlett, Networking Specialist, University of Bristol.
email: josh.howlett at bristol.ac.uk | phone: +44 (0)7867 907076 |  
internal: 7850
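
The suggestion in the reply above (a single SSID, with the VLAN chosen by whether the client used TTLS or TLS), sketched as an added example that is not part of the original thread and is not FreeRADIUS configuration: Python that reads the EAP type from a request's EAP-Message attributes and returns RFC 3580 VLAN attributes to send once authentication has succeeded. The VLAN IDs and all function names are assumptions made for illustration.

```python
import struct

# EAP type numbers from the IANA EAP registry (RFC 3748, RFC 5216, RFC 5281).
EAP_IDENTITY, EAP_NOTIFICATION, EAP_NAK = 1, 2, 3
EAP_TLS, EAP_TTLS = 13, 21
EAP_RESPONSE = 2
# Constructed policy: these VLAN IDs are placeholders, not values from the thread.
VLAN_BY_METHOD = {EAP_TLS: "20", EAP_TTLS: "10"}


def build_response(eap_type, data=b"", ident=1):
    """Build a constructed EAP-Response packet for trying the functions out."""
    return struct.pack("!BBHB", EAP_RESPONSE, ident, 5 + len(data), eap_type) + data


def eap_method(eap_message_attrs):
    """Return the EAP type of an EAP-Response, or None if it names no method.

    eap_message_attrs holds the EAP-Message attribute values of one
    Access-Request; RADIUS splits a long EAP packet across several
    attributes, so they are concatenated before parsing.
    """
    packet = b"".join(eap_message_attrs)
    if len(packet) < 5:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != EAP_RESPONSE or length != len(packet):
        return None  # not a response, or the length field disagrees with the data
    eap_type = packet[4]
    if eap_type in (EAP_IDENTITY, EAP_NOTIFICATION, EAP_NAK):
        return None  # identity, notification and Nak are not authentication methods
    return eap_type


def vlan_reply_attributes(eap_message_attrs):
    """Map the client's EAP method to RFC 3580 VLAN reply attributes.

    An unknown or unparsable method yields no VLAN attributes, so the
    caller falls back to its default (reject or a restricted VLAN).
    """
    vlan = VLAN_BY_METHOD.get(eap_method(eap_message_attrs))
    if vlan is None:
        return {}
    return {
        "Tunnel-Type": "VLAN",
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-Id": vlan,
    }
```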





