How long it take to auth in 802.1X/WPA-enterprise?

JaeJong Baek jjb27 at emerald.yonsei.ac.kr
Tue Feb 23 14:34:07 CET 2010


Thank you very much.

Your comment and advice are very helpful to understand Radius mechanism

 

I replaced the AP(Belkin54g) with new one(DWL-8200AP, D-Link).

As a result, the delay time is reduced from 18 sec to 0.15 sec

I measured the time stamp the captured packet-based on Network Monitor
3.1(M$)

However, I'm not sure it depends on AP's feature or not.

 

I have already installed VMware tools in that measuring, so networking
configuration is ok.

 

Lastly, concerned with "Looking up realm",

Actually, I didn't know very well about this, 

I just use the user name like that style.

Can you explain in detail?

 

Best.

********************

Jaejong Baek

02-365-7966

*******************

Message: 3

Date: Thu, 18 Feb 2010 10:02:22 +0000

From: Alan Buxey <A.L.M.Buxey at lboro.ac.uk>

Subject: Re: How long it take to auth in 802.1X/WPA-enterprise?

To: FreeRadius users mailing list

       <freeradius-users at lists.freeradius.org>

Cc: "freeradius-users-owner at lists.freeradius.org"

       <freeradius-users-owner at lists.freeradius.org>

Message-ID: <20100218100222.GA11728 at lboro.ac.uk>

Content-Type: text/plain; charset=us-ascii

 

Hi,

> How long it take to auth in 802.1X/WPA-enterprise?

 

depends on the system and what methods etc...but easily under 1 second here

 

> In this simple network model, I have tried to auth using

> EAP-TLS(self-certification) and it works good.

> By the way, about 18 seconds are taken to auth as follow debug logs.

> (confer the timestamp (1) and (2))

 

wheres the real authentication - ie Access-Accept return packet?

 

do you have vmware tools on your ubuntu VMware hosted system - and therefore
using vmxnet driver instead of the slow pcnet32 ?  (lsmod | grep vmx)

 

turn off any non-needed modules - eg are you ever going to use /etc/passwd
for user accounts? if not, comment out the unix module whenever it appears..

likewise files, expiration, logintime etc..... make sure you are not going
to be needign them though!

 

..also...

 

> Wed Feb 17 21:37:00 2010 : Info: [suffix] Looking up realm 

> "xxxx.yyy.zz.vv" for User-Name = "kkk at xxxx.yyy.zz.vv"

> Wed Feb 17 21:37:00 2010 : Info: [suffix] No such realm "xxxx.yyy.zz.vv"

 

are you deliberately not dealing with this realm? are you expecting it to be
sent elsewhere?

 

alan

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100223/3226ca70/attachment.html>


More information about the Freeradius-Users mailing list