Flaky AP or borked Config? EAP-PEAP
Alan DeKok
aland at deployingradius.com
Thu Aug 19 21:55:38 CEST 2010
Nolan King wrote:
> This is the manufacturer of the "broken AP"
> http://skypilot.trilliantinc.com/
>
> Skypilot was an indie manufacturer, recently purchased by trilliant. not sure who makes their hardware now- the tdm, one radio-many antennas approach has worked well for my muni mesh. they used to have a forum where i whined about the lack of EAP-TLS support to no avail, i think the forum is dead since the trilliant purchase.
>
> wireless security, 802.1x mentioned in these docs:
> http://skypilot.trilliantinc.com/pdf/wp_WirelessSecurity.pdf
> http://skypilot.trilliantinc.com/pdf/ds_SkyExtenderPlus.pdf
>
> only mention i could find specifically excluding EAP-TLS method is here, on page 25:
> http://skypilot.trilliantinc.com/support/documents/SkyAccess_DualBand_Installation_Guide.pdf
It takes a special kind of dedication to make PEAP work, but to break
EAP-TLS. i.e. you have to write *extra* code in the AP to look for
EAP-TLS. Then, you have to do something different from PEAP.
If the AP manufacturer instead supported EAP (*any* kind), then PEAP
would work. TTLS would work. TLS would work. EAP-FAST would work.
I've seen RADIUS servers that do this kind of thing (Merit). It's
good for everyone that no one uses those products any more.
Alan DeKok.
More information about the Freeradius-Users
mailing list