This is a discussion on Re: a freeradious/wireless solution for a school within the FreeRADIUS Users forums, part of the Networking and Network Related category.
On 1/18/07, gkalinec <gkalinec@newroads.org> wrote:
> places on campus for students and staff to access our network. The person
> who set these up (my current boss) simply did a MAC access control list on
> each AP and made the students and staff come to him to register their
> computers. This was a major pain since each of our APs (7 of them) had to
> have the new MAC address manually added to each AP every time we had a new
> laptop. The problem with this solution (aside from having to enter the MACs
> 7 times) was that we eventually run out of room in the MAC table. After

For the first wireless deployment at the .edu where I work, we used a similar solution except that we used FreeRADIUS with a MySQL backend for "registering" MAC addresses. Since "MAC authentication" isn't secure at all, we ended up also requiring a VPN connection in order to "get out".

Like you, I've recently gotten new equipment and am actually trying to simplify things. We're doing away with the MAC authentication and VPN connection and will simply be using ChilliSpot for controlling access to our wireless networks. ChilliSpot uses FreeRADIUS for authentication (and FreeRADIUS is verifying credentials against our enterprise LDAP directory) with accounting information being stored in MySQL.

Don't bother trying to use WEP in an academic environment. The point of a WEP key is to keep it a secret. It's no longer a secret if you must give it out to everyone. We implemented the VPN connection to "force" a secure connection, but we're doing away with that.

HTH,
-j

--
Jeremy L. Gaddis, MCP, GCWN
http://www.linuxwiz.net/

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html