FR virtual server question and EAP configuration
michal.bruncko at gmail.com
Fri Jul 16 00:34:35 CEST 2010
I am using FR with WPA2-Enterprise autentification in Wifi environment
with this scheme:
SSID 1 \
SSID 2 --- AP <-- Trunk --> Ruter <-----> FreeRadius
SSID 3 /
My goal is to configure different security for different SSID through
one freeradius with virtual server feature.
My first question is, if it's possible to have different FR server
configuration per SSID on single Access Point? AP have its IP address
from specific managemenet VLAN (different from any SSID X VLAN). I know,
that on freeradius side can be configuration separated by client IP
address, but in my scenario, the IP of radius client is same for every
VLAN/SSID, but the only distinguished part in communication is
"Called-Station-Id" in Access-Request with form: <radio-mac>:<ssid>.
Ok, next question which is related a bit to previously one. I have
presumted that freeradius cannot distinguishes between requests from
different SSID, so I have configured different IP address of Radius
server per SSID configuration on AP and all IP addresses are pointed to
single radius server and I want to use one virtual server per listen IP
address. But how I should to tell FR server, which EAP configuration
must apply to which virtual server?
SSID 1: Security WPA2-Ent. with EAP-PEAP, for authorized mobile clients
SSID 2: Security WPA2-Ent. with EAP-TLS, for persistent wifi computers
with installed certificates
How can I configure this situation with FR Virtual server feature? Can I
simply copy, rename and modify "eap" part from eap.conf to "eap_2" and
applying it in athorize/authenticate sections in second virtual server?
It is enough? I have looking for any example for this scenario but
whithout any success.
More information about the Freeradius-Users