Re: Radius attributes and APs
This is a discussion on Re: Radius attributes and APs within the FreeRADIUS Users forums, part of the Networking and Network Related category; --===============1911124559== Content-Type: multipart/alternative; boundary="----=_Part_1203_26004772.1164702802252" ------=_Part_1203_26004772.1164702802252 Content-Type: text/plain; charset=ISO-8859-1; ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-28-2006
|
|||
|
|||
Re: Radius attributes and APs
--===============1911124559==
Content-Type: multipart/alternative; boundary="----=_Part_1203_26004772.1164702802252" ------=_Part_1203_26004772.1164702802252 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline I'm all up for that and I'll add my contribution to the wiki of the AP's I've encountered. On 11/25/06, David Mitton <david@mitton.com> wrote: > > On 11/23/2006 02:09 PM, Alan DeKok wrote: > >Manuel Sanchez Cuenca wrote: > > > Alan DeKok escribi=F3: > > > > >> Do you have a more specific question? > > >> > > > But not all APs enforce the Radius attributes. For example the Linksy= s > > > wrt54g doesn't takes into account the session timeout attribute. So, > can > > > you tell me any AP which enforces this attribute, and others? > > > > If there was such a list, it would be up on freeradius.org, or on the > >wiki. That is, you're asking on the FreeRADIUS list about NAS > >documentation. > > > > I suggest picking an AP, and then reading its documentation to see if > >it supports the attributes, or asking the NAS vendor. > > > > Alan DeKok. > >-- > > The problem with compiling such a list is acquiring the equipment to test= .. > Most of us just buy a couple APs and live with with we get. > > I discovered that the Linksys didn't honor > Session-Timeouts when I captured it screwing up > EAP-POTP sessions in progress, despite our RADIUS > server providing Session-Timeout values in every EAP exchange. > I think it's actually not properly implementing > the 802.1x state machine in it's timeout behavior. > > And I didn't go looking for this. It was brought > to my attention when someone else had a problem. > > The only AP that I know that works for everything > I throw at it, during development, is the Cisco > Aironet 1200 series. The only problem is that > it's not cheap. But it works for me, so I don't try others. > > Dave. > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > ------=_Part_1203_26004772.1164702802252 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline I'm all up for that and I'll add my contribution to the wiki of the AP's I'= ve encountered.<br><br><div><span class=3D"gmail_quote">On 11/25/06, <b cla= ss=3D"gmail_sendername">David Mitton</b> <<a href=3D"mailto:david@mitton= ..com"> david@mitton.com</a>> wrote:</span><blockquote class=3D"gmail_quote" sty= le=3D"border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex;= padding-left: 1ex;">On 11/23/2006 02:09 PM, Alan DeKok wrote:<br>>Manue= l Sanchez Cuenca wrote: <br>> > Alan DeKok escribi=F3:<br>><br>> >> D= o you have a more specific question?<br>> >><br>> > But not = all APs enforce the Radius attributes. For example the Linksys<br>> >= wrt54g doesn't takes into account the session timeout attribute. So, can <br>> > you tell me any AP which enforces this attribute, and others?= <br>><br>> If there was such a list, it would be up on <a= href=3D"http://freeradius.org">freeradius.org</a>, or on the<br>>wiki.&= nbsp; That is, you're asking on the FreeRADIUS list about NAS <br>>documentation.<br>><br>> &nbs p; I suggest picking an AP,= and then reading its documentation to see if<br>>it supports the attrib= utes, or asking the NAS vendor.<br>><br>> Alan DeKok.<br>= >--<br><br>The problem with compiling such a list is acquiring the equip= ment to test. <br>Most of us just buy a couple APs and live with with we get.<br><br>I di= scovered that the Linksys didn't honor<br>Session-Timeouts when I captured = it screwing up<br>EAP-POTP sessions in progress, despite our RADIUS<br> server providing Session-Timeout values in every EAP exchange.<br>I think i= t's actually not properly implementing<br>the 802.1x state machine in it's = timeout behavior.<br><br>And I didn't go looking for this. It wa= s brought <br>to my attention when someone else had a problem.<br><br>The only AP tha= t I know that works for everything<br>I throw at it, during development, is= the Cisco<br>Aironet 1200 series. The only problem is that<br>= it's not cheap. But it works for me, so I don't try others. <br><br>Dave.<br><br><br>-<br>List info/subscribe/unsubscribe? See <a href= =3D"http://www.freeradius.org/list/users.html">http://www.freeradius.org/li= st/users.html</a><br></blockquote></div><br> ------=_Part_1203_26004772.1164702802252-- --===============1911124559== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --===============1911124559==-- 
|
Linear Mode
